CVE-2010-1055
published 2010-03-23CVE-2010-1055: Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote…
PriorityP433medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
2.60%
83.4th percentile
Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tufat | osdate | — | — |
| tufat | osdate | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Tufat osDate 2.1.9/2.5.4 forum/adminLogin.php config[forum_installed] code injection (EDB-11755 / XFDB-56909)
vuldb·2026-05-03·CVSS 5.1
CVE-2010-1055 [MEDIUM] Tufat osDate 2.1.9/2.5.4 forum/adminLogin.php config[forum_installed] code injection (EDB-11755 / XFDB-56909)
A vulnerability was found in Tufat osDate 2.1.9/2.5.4. It has been classified as critical. Affected by this issue is some unknown functionality of the file forum/adminLogin.php. The manipulation of the argument config[forum_installed] leads to code injection.
This vulnerability is referenced as CVE-2010-1055. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
GHSA
GHSA-665f-9wxp-f9v8: Multiple PHP remote file inclusion vulnerabilities in osDate 2
ghsa_unreviewed·2022-05-02
CVE-2010-1055 [MEDIUM] CWE-94 GHSA-665f-9wxp-f9v8: Multiple PHP remote file inclusion vulnerabilities in osDate 2
Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information.
No detection rules found.
No writeups or analysis indexed.
http://evilc0de.blogspot.com/2010/03/osdate-rfi-vuln.htmlhttp://osvdb.org/63005http://osvdb.org/63006http://secunia.com/advisories/38943http://www.exploit-db.com/exploits/11755http://www.securityfocus.com/bid/38738https://exchange.xforce.ibmcloud.com/vulnerabilities/56909http://evilc0de.blogspot.com/2010/03/osdate-rfi-vuln.htmlhttp://osvdb.org/63005http://osvdb.org/63006http://secunia.com/advisories/38943http://www.exploit-db.com/exploits/11755http://www.securityfocus.com/bid/38738https://exchange.xforce.ibmcloud.com/vulnerabilities/56909
2010-03-23
Published