openMairie openMaincourante Remote File Include Vulnerabilities
BID:39413
Info
openMairie openMaincourante Remote File Include Vulnerabilities
| Bugtraq ID: | 39413 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2010 12:00AM |
| Updated: | May 04 2010 07:02PM |
| Credit: | cr4wl3r |
| Vulnerable: |
openMairie openMaincourante 1.01beta |
| Not Vulnerable: | |
Discussion
openMairie openMaincourante Remote File Include Vulnerabilities
openMairie openMaincourante is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.
openMairie openMaincourante 1.01beta is vulnerable; other versions may also be affected.
NOTE: This BID previously also documented a local file-include vulnerability affecting the 'dsn[phptype]' parameter of the 'scr/soustab.php' script. That issue is already covered in BID 23505 (openMairie Multiple Applications 'dsn[phptype]' Parameter Local File Include Vulnerability).
openMairie openMaincourante is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.
openMairie openMaincourante 1.01beta is vulnerable; other versions may also be affected.
NOTE: This BID previously also documented a local file-include vulnerability affecting the 'dsn[phptype]' parameter of the 'scr/soustab.php' script. That issue is already covered in BID 23505 (openMairie Multiple Applications 'dsn[phptype]' Parameter Local File Include Vulnerability).
Exploit / POC
openMairie openMaincourante Remote File Include Vulnerabilities
An attacker can exploit these issues via a browser.
The following example URIs are available:
An attacker can exploit these issues via a browser.
The following example URIs are available:
Solution / Fix
openMairie openMaincourante Remote File Include Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
openMairie openMaincourante Remote File Include Vulnerabilities
References:
References:
- openMaincourante - Homepage (openMairie)