Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2218

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2009-2218
Last Modified 26 Jun 2009 12:00:00
Published 25 Jun 2009 07:14:15
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2218

Summary

Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. NOTE: house/myrents.php was also separately reported as a local file inclusion issue.

Vulnerable Systems

Application

  • David Degner Phpcollegeexchange 0.1.5c


References

MILW0RM - 9008

SECUNIA - 35452


Last Updated: 27 May 2016 10:50:50