CVE-2009-2218 Information

Description

Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c when register_globals is enabled allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php (2) i_nav.php (3) user_new_2.php or (4) house/myrents.php; or (5) allbooks.php (6) home.php or (7) mybooks.php in books/. NOTE: house/myrents.php was also separately reported as a local file inclusion issue.

Reference

http://secunia.com/advisories/35452 http://www.exploit-db.com/exploits/9008