VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-1944
opencimetiere: Multiple PHP remote file inclusion vulnerabilities ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1944

Original

Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_...

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-05-19
Source Information Category:
Advisory, Alert
Last Updated:
2010-05-19




Affected Product Tags
cpe:/a:openmairie:opencimetiere:2.01
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives




References
BID 39883




MISC http://www.exploit-db.com/exploits/12476




MISC http://packetstormsecurity.org/1005-exploits/opencimetiere-rfi.txt




OSVDB 64245




OSVDB 64244




OSVDB 64243




OSVDB 64242




OSVDB 64241




OSVDB 64240




OSVDB 64239




OSVDB 64238




OSVDB 64237




OSVDB 64236




OSVDB 64235




OSVDB 64234




OSVDB 64233




OSVDB 64232




OSVDB 64231




OSVDB 64230




OSVDB 64229




OSVDB 64228




OSVDB 64227




OSVDB 64226




OSVDB 64225




OSVDB 64224




OSVDB 64223




SECUNIA 39687




VUPEN ADV-2010-1050




Vulnerability Type Code Injection (CWE-94)




XF opencimetiere-pathom-file-include(58267)




Copyright © 2010 JPCERT/CC All Rights Reserved.