CVE-2010-1921

Name of the Vulnerable Software and Affected Versions OpenMairie openAnnuaire version 2.00

Description The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the path om parameter to various PHP files, including annuaire.class.php, droit.class.php, collectivite.class.php, profil.class.php, direction.class.php, service.class.php, directiongenerale.class.php, and utilisateur.class.php in the obj/ directory.

Recommendations For OpenMairie openAnnuaire version 2.00, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the affected PHP files in the obj/ directory until a patch is available. Avoid using the path om parameter in the affected API endpoints until the issue is resolved.