Remote File Inclusion Vulnerability in osDate by osDate Inc.
CVE-2010-1055

Currently unrated

Key Information:

Vendor

Tufat

Status
Osdate
Vendor
CVE Published:
23 March 2010

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2010-1055?

osDate versions 2.1.9 and 2.5.4 are susceptible to multiple remote file inclusion vulnerabilities due to configurations where 'magic_quotes_gpc' is disabled and 'register_globals' is enabled. Attackers can exploit these vulnerabilities to execute arbitrary PHP code through manipulated URLs in the 'config[forum_installed]' parameter, impacting key scripts such as 'forum/adminLogin.php' and 'forum/userLogin.php'. This highlights the importance of proper server configuration and prompt application updates to mitigate risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-1055 - Proof of Concept

References

http://evilc0de.blogspot.com/2010/03/osdate-rfi-vuln.html
x_refsource_MISC
http://secunia.com/advisories/38943
third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/63005
vdb-entryx_refsource_OSVDB

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.