CVE-2008-2220

Name of the Vulnerable Software and Affected Versions: Interact Learning Community Environment Interact version 2.4.1

Description: The issue allows remote attackers to execute arbitrary PHP code via specific parameters when register globals is enabled. This can be achieved by manipulating the CONFIG[LANGUAGE CPATH] parameter in the "modules/forum/embedforum.php" endpoint and the CONFIG[BASE PATH] parameter in the "modules/scorm/lib.inc.php" endpoint.

Recommendations: For Interact Learning Community Environment Interact version 2.4.1, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the modules/forum/embedforum.php and modules/scorm/lib.inc.php endpoints until a patch is available. Avoid using the CONFIG[LANGUAGE CPATH] and CONFIG[BASE PATH] parameters in these endpoints until the issue is resolved.