CVE-2010-1934 Information

Description

Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00 when register_globals is enabled allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php (2) profil.class.php (3) collectivite.class.php (4) ressource.class.php (5) droit.class.php (6) utilisateur.class.php and (7) planning.class.php in obj/.

Reference

http://packetstormsecurity.org/1004-exploits/openplanning-rfilfi.txt http://secunia.com/advisories/39606 http://www.exploit-db.com/exploits/12365 http://www.osvdb.org/64186 http://www.osvdb.org/64187 http://www.osvdb.org/64188 http://www.osvdb.org/64189 http://www.osvdb.org/64191 http://www.osvdb.org/64192