CVE-2010-1467

Name of the Vulnerable Software and Affected Versions openUrgence Vaccin version 1.03

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the path om parameter to various PHP files, including collectivite.class.php, injection.class.php, utilisateur.class.php, droit.class.php, laboratoire.class.php, vaccin.class.php, effetsecondaire.class.php, medecin.class.php, individu.class.php, and profil.class.php in the gen/obj/ directory.

Recommendations For openUrgence Vaccin version 1.03, consider restricting access to the path om parameter in the affected PHP files to minimize the risk of exploitation. As a temporary workaround, avoid using the path om parameter in the specified API endpoints until a patch is available.