CVE-2010-1921
Published 2010-05-12
Priority: P341 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.22% (86.7th percentile)
Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openmairie | openannuaire | — | — |
No detection rules found.
Exploit-DB
XML-RPC Library 1.3.0 - 'xmlrpc.php' Arbitrary Code Execution (Metasploit)
exploitdb·2010-07-25
CVE-2005-1921 XML-RPC Library 1.3.0 - 'xmlrpc.php' Arbitrary Code Execution (Metasploit)
---
##
# $Id: php_xmlrpc_eval.rb 9929 2010-07-25 21:37:54Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'PHP XML-RPC Arbitrary Code Execution',
'Description' => %q{
This module exploits an arbitrary code execution flaw
discovered in many implementations of the PHP XML-RPC module.
This flaw is exploitable through a number of PHP web
applications, including but not limited to Drupal, Wordpress,
Postnuke, and TikiWiki.
},
'Author' => [ 'hdm', 'cazz' ],
'Licens
Exploit-DB
Openannuaire Openmairie Annuaire 2.00 - Local File Inclusion / Remote File Inclusion
exploitdb·2010-05-02
CVE-2010-1921 Openannuaire Openmairie Annuaire 2.00 - Local File Inclusion / Remote File Inclusion
---
[+] Openannuaire Openmairie Annuaire 2.00 (RFI/LFI) Multiple File Include Vulnerability
[+] Site : Inj3ct0r.com
[+] Support e-mail : submit[at]inj3ct0r.com
I'm cr4wl3r member from Inj3ct0r Team
No writeups or analysis indexed.
http://packetstormsecurity.org/1005-exploits/openmairie-rfilfi.txt
http://secunia.com/advisories/39673
http://www.exploit-db.com/exploits/12486
http://www.osvdb.org/64176
http://www.osvdb.org/64177
http://www.osvdb.org/64178
http://www.osvdb.org/64179
http://www.osvdb.org/64180
http://www.osvdb.org/64181
http://www.osvdb.org/64182
http://www.osvdb.org/64184
http://www.securityfocus.com/bid/39887
http://www.vupen.com/english/advisories/2010/1059
Published: 2010-05-12