CVE-2010-1945 Information

Description

Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00 when register_globals is enabled allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) action.class.php (2) architecte.class.php (3) avis.class.php (4) bible.class.php and (5) blocnote.class.php in obj/.

Reference

http://packetstormsecurity.org/1004-exploits/openfoncier-rfilfi.txt http://secunia.com/advisories/39607 http://www.exploit-db.com/exploits/12366 http://www.osvdb.org/64196 http://www.osvdb.org/64197 http://www.osvdb.org/64198 http://www.osvdb.org/64199 http://www.osvdb.org/64200