VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-1946
openregistrecil: Multiple PHP remote file inclusion vulnerabilities ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1946

Original

Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) cate...

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-05-19
Source Information Category:
Advisory, Alert
Last Updated:
2010-05-19




Affected Product Tags
cpe:/a:openmairie:openregistrecil:1.02
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives




References
BID 39611




MISC http://www.exploit-db.com/exploits/12313




MISC http://packetstormsecurity.org/1004-exploits/openregistrecil-rfilfi.txt




OSVDB 63963




OSVDB 63962




OSVDB 63961




OSVDB 63960




OSVDB 63959




OSVDB 63958




OSVDB 63957




OSVDB 63956




OSVDB 63955




OSVDB 63954




OSVDB 63953




OSVDB 63952




OSVDB 63951




OSVDB 63950




OSVDB 63949




OSVDB 63948




OSVDB 63947




OSVDB 63946




OSVDB 63945




SECUNIA 39534




Vulnerability Type Code Injection (CWE-94)




Copyright © 2010 JPCERT/CC All Rights Reserved.