openUrgence Vaccin Multiple Remote File Include Vulnerabilities
BID:39412
CVE-2010-1466 | CVE-2010-1467 |Info
openUrgence Vaccin Multiple Remote File Include Vulnerabilities
| Bugtraq ID: | 39412 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-1467 CVE-2010-1466 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | cr4wl3r |
| Vulnerable: |
openUrgence Vaccin 1.03 |
| Not Vulnerable: | |
Discussion
openUrgence Vaccin Multiple Remote File Include Vulnerabilities
openUrgence Vaccin is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.
openUrgence Vaccin 1.03 is vulnerable; other versions may also be affected.
NOTE: This BID previously also documented a local file-include vulnerability affecting the 'dsn[phptype]' parameter of the 'scr/soustab.php' script. That issue is already covered in BID 23505 (openMairie Multiple Applications 'dsn[phptype]' Parameter Local File Include Vulnerability).
openUrgence Vaccin is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.
openUrgence Vaccin 1.03 is vulnerable; other versions may also be affected.
NOTE: This BID previously also documented a local file-include vulnerability affecting the 'dsn[phptype]' parameter of the 'scr/soustab.php' script. That issue is already covered in BID 23505 (openMairie Multiple Applications 'dsn[phptype]' Parameter Local File Include Vulnerability).
Exploit / POC
openUrgence Vaccin Multiple Remote File Include Vulnerabilities
An attacker can exploit these issues via a browser.
The following example URIs are available:
An attacker can exploit these issues via a browser.
The following example URIs are available:
Solution / Fix
openUrgence Vaccin Multiple Remote File Include Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
openUrgence Vaccin Multiple Remote File Include Vulnerabilities
References:
References:
- Openurgence - Homepage (openUrgence)