I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/20857http://sourceforge.net/project/shownotes.php?release_id=331422http://secunia.com/advisories/15558/
