Remote File Inclusion Vulnerability in osDate by osDate Inc.
CVE-2010-1055

Currently unrated

Key Information:

Vendor: Tufat
Status: Osdate
Vendor: CVE Published:; 23 March 2010

What is CVE-2010-1055?

osDate versions 2.1.9 and 2.5.4 are susceptible to multiple remote file inclusion vulnerabilities due to configurations where 'magic_quotes_gpc' is disabled and 'register_globals' is enabled. Attackers can exploit these vulnerabilities to execute arbitrary PHP code through manipulated URLs in the 'config[forum_installed]' parameter, impacting key scripts such as 'forum/adminLogin.php' and 'forum/userLogin.php'. This highlights the importance of proper server configuration and prompt application updates to mitigate risks.

References

http://evilc0de.blogspot.com/2010/03/osdate-rfi-vuln.html

x_refsource_MISC

http://secunia.com/advisories/38943

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/63005

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2010
Vulnerability Reserved
Mar 23, 2010

Tufat

What is CVE-2010-1055?

References

Timeline