openMairie openAnnuaire Remote File Include Vulnerabilities
BID:39887
Info
openMairie openAnnuaire Remote File Include Vulnerabilities
| Bugtraq ID: | 39887 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-1921 |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | cr4wl3r |
| Vulnerable: |
openMairie openAnnuaire 2.00 |
| Not Vulnerable: | |
Discussion
openMairie openAnnuaire Remote File Include Vulnerabilities
openMairie openAnnuaire is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or to compromise the application and the underlying computer; other attacks are also possible.
openMairie openAnnuaire 2.00 is vulnerable; other versions may also be affected.
NOTE: This BID previously also documented a local file-include vulnerability affecting the 'dsn[phptype]' parameter of the 'scr/soustab.php' script. That issue is already covered in BID 23505 (openMairie Multiple Applications 'dsn[phptype]' Parameter Local File Include Vulnerability).
openMairie openAnnuaire is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or to compromise the application and the underlying computer; other attacks are also possible.
openMairie openAnnuaire 2.00 is vulnerable; other versions may also be affected.
NOTE: This BID previously also documented a local file-include vulnerability affecting the 'dsn[phptype]' parameter of the 'scr/soustab.php' script. That issue is already covered in BID 23505 (openMairie Multiple Applications 'dsn[phptype]' Parameter Local File Include Vulnerability).
Exploit / POC
openMairie openAnnuaire Remote File Include Vulnerabilities
An attacker can exploit these issues via a browser.
The following example URIs are available:
An attacker can exploit these issues via a browser.
The following example URIs are available:
Solution / Fix
openMairie openAnnuaire Remote File Include Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
openMairie openAnnuaire Remote File Include Vulnerabilities
References:
References:
- openAnnuaire - Homepage (openMairie)