CVE-2010-1467 Information

Description

Multiple PHP remote file inclusion vulnerabilities in openUrgence Vaccin 1.03 allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) collectivite.class.php (2) injection.class.php (3) utilisateur.class.php (4) droit.class.php (5) laboratoire.class.php (6) vaccin.class.php (7) effetsecondaire.class.php (8) medecin.class.php (9) individu.class.php and (10) profil.class.php in gen/obj/.

Reference

http://secunia.com/advisories/39400 http://www.exploit-db.com/exploits/12193 http://www.securityfocus.com/bid/39412 https://exchange.xforce.ibmcloud.com/vulnerabilities/57815