openUrgence Vaccin Multiple Remote File Include Vulnerabilities

openUrgence Vaccin is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.

openUrgence Vaccin 1.03 is vulnerable; other versions may also be affected.

NOTE: This BID previously also documented a local file-include vulnerability affecting the 'dsn[phptype]' parameter of the 'scr/soustab.php' script. That issue is already covered in BID 23505 (openMairie Multiple Applications 'dsn[phptype]' Parameter Local File Include Vulnerability).


Privacy Statement
Copyright 2010, SecurityFocus