Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP."
http://www.vupen.com/english/advisories/2006/1201
http://www.securityfocus.com/bid/17357
http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524