CVE-2009-0595 Information

Description

PHP remote file inclusion vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4 when register_globals is enabled and magic_quotes_gpc is disabled allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.

Reference

http://secunia.com/advisories/33382 http://www.securityfocus.com/bid/33092 https://www.exploit-db.com/exploits/7648