Summary
openUrgence Vaccin is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer
other attacks are also possible.
openUrgence Vaccin 1.03 is vulnerable
other versions may also
be affected.
NOTE: This BID previously also documented a local file-include vulnerability affecting the 'dsn[phptype]' parameter of the 'scr/soustab.php' script. That issue is already covered in BID 23505 (openMairie Multiple Applications 'dsn[phptype]' Parameter Local File Include Vulnerability).
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-1466 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities