CVE-2010-1945

Name of the Vulnerable Software and Affected Versions openMairie Openfoncier version 2.00

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the path om parameter to several PHP files, including "action.class.php", "architecte.class.php", "avis.class.php", "bible.class.php", and "blocnote.class.php" in the "obj/" directory, when register globals is enabled.

Recommendations For openMairie Openfoncier version 2.00, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable PHP files in the "obj/" directory until a patch is available. As a temporary workaround, avoid using the path om parameter in the affected API endpoints until the issue is resolved.