Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2218


Vulnerability Score 6.8 6.8
CVE Id CVE-2009-2218
Last Modified 26 Jun 2009 12:00:00
Published 25 Jun 2009 07:14:15
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. NOTE: house/myrents.php was also separately reported as a local file inclusion issue.

Vulnerable Systems


  • David Degner Phpcollegeexchange 0.1.5c


MILW0RM - 9008

SECUNIA - 35452

Last Updated: 27 May 2016 10:50:50