CVE-2010-1945

Openmairie Openfoncier - Code Injection

Title source: rule

Description

Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) action.class.php, (2) architecte.class.php, (3) avis.class.php, (4) bible.class.php, and (5) blocnote.class.php in obj/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cr4wl3r · textwebappsphp

https://www.exploit-db.com/exploits/12366

View Code ZIP pw:eip

References (8)

[Exploit] http://packetstormsecurity.org/1004-exploits/openfoncier-rfilfi.txt

[Vendor Advisory] http://secunia.com/advisories/39607

[Exploit] http://www.exploit-db.com/exploits/12366

[Third Party Advisory, VDB Entry] http://www.osvdb.org/64196

[Third Party Advisory, VDB Entry] http://www.osvdb.org/64197

[Third Party Advisory, VDB Entry] http://www.osvdb.org/64198

[Third Party Advisory, VDB Entry] http://www.osvdb.org/64199

[Third Party Advisory, VDB Entry] http://www.osvdb.org/64200

Scores

EPSS 0.0433

EPSS Percentile 88.7%

Classification

CWE

CWE-94

Status draft

Affected Products (1)

openmairie/openfoncier

Timeline

Published May 19, 2010

Tracked Since Feb 18, 2026