PT-2010-3556 · Openmairie · Openmairie Openplanning
Cr4Wl3R · Published 2010-05-12 · Updated 2010-05-13 · CVE-2010-1934
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
openMairie openPlanning version 1.00
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to several PHP files, including categorie.class.php, profil.class.php, collectivite.class.php, ressource.class.php, droit.class.php, utilisateur.class.php, and planning.class.php in the obj/ directory, when register_globals is enabled.
Recommendations
For openMairie openPlanning version 1.00, consider disabling the register_globals setting to prevent exploitation. Additionally, restrict access to the vulnerable PHP files in the obj/ directory until a patch is available. Avoid using the path_om parameter in the affected API endpoints until the issue is resolved.
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Openmairie Openplanning
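To support the recommendations above, the following added example (not part of the original advisory or of openMairie's code) scans web access logs for requests to the listed obj/ files whose path_om value is a URL. The combined log format, the function name and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# File names and the path_om parameter come from the advisory's Description.
AFFECTED = {
    "categorie.class.php", "profil.class.php", "collectivite.class.php",
    "ressource.class.php", "droit.class.php", "utilisateur.class.php",
    "planning.class.php",
}
# Assumed log layout: Apache/nginx "combined" (client, timestamp, request, status).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# Value that begins with a URL scheme (http:, ftp:, ...) or is protocol-relative.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.I)

def suspicious_requests(lines):
    """Return one record per request that passes a URL as path_om to an affected file."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format access line
        url = urlsplit(m["target"])
        parts = url.path.lower().split("/")
        if parts[-1] not in AFFECTED or "obj" not in parts[:-1]:
            continue
        # parse_qs percent-decodes, so encoded URLs are caught as well.
        # Only the query string is logged; POST or cookie values are not visible here.
        for value in parse_qs(url.query, keep_blank_values=True).get("path_om", []):
            if REMOTE_RE.match(value):
                hits.append({"ip": m["ip"], "time": m["ts"], "file": parts[-1],
                             "status": int(m["status"]), "value": value})
    return hits

# Constructed sample lines (documentation IP ranges, example.invalid host).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2010:10:01:02 +0000] "GET /openplanning/obj/planning.class.php?path_om=http%3A%2F%2Fexample.invalid%2F HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [12/May/2010:10:02:10 +0000] "GET /openplanning/obj/droit.class.php?path_om=../dyn/ HTTP/1.1" 200 87 "-" "-"',
    '203.0.113.7 - - [12/May/2010:10:03:44 +0000] "GET /openplanning/obj/droit.class.php?path_om=FTP://example.invalid/ HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.4 - - [12/May/2010:10:04:00 +0000] "GET /openplanning/index.php HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The status field in each record shows whether the request was refused (for example by an access restriction on obj/) or served.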