openMairie openRegistreCIL Remote File Include Vulnerabilities

openMairie openRegistreCIL Remote File Include Vulnerabilities

openMairie openRegistreCIL is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.

openMairie openRegistreCIL 1.02 is vulnerable; other versions may also be affected.

NOTE: This BID previously also documented a local file-include vulnerability affecting the 'dsn[phptype]' parameter of the 'scr/soustab.php' script. That issue is already covered in BID 23505 (openMairie Multiple Applications 'dsn[phptype]' Parameter Local File Include Vulnerability).