Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0701)