CVE-2010-1467 in openUrgence Vaccin
Summary
by MITRE
Multiple PHP remote file inclusion vulnerabilities in openUrgence Vaccin 1.03 allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) collectivite.class.php, (2) injection.class.php, (3) utilisateur.class.php, (4) droit.class.php, (5) laboratoire.class.php, (6) vaccin.class.php, (7) effetsecondaire.class.php, (8) medecin.class.php, (9) individu.class.php, and (10) profil.class.php in gen/obj/.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 10/22/2025
The CVE-2010-1467 vulnerability represents a critical remote file inclusion flaw affecting the openUrgence Vaccin 1.03 web application. This vulnerability stems from improper input validation within the application's object-oriented architecture, specifically in the gen/obj/ directory where multiple class files handle user-supplied parameters. The vulnerability manifests when the application fails to sanitize the path_om parameter, allowing attackers to inject malicious URLs that are then executed as PHP code within the context of the web server. The affected files include collectivite.class.php, injection.class.php, utilisateur.class.php, droit.class.php, laboratoire.class.php, vaccin.class.php, effetsecondaire.class.php, medecin.class.php, individu.class.php, and profil.class.php, demonstrating a widespread impact across the application's core object model.
This vulnerability directly maps to CWE-88, known as "Improper Neutralization of Argument Delimiters in a Command" and CWE-94, "Improper Control of Generation of Code ('Code Injection')." The attack vector allows remote threat actors to execute arbitrary PHP code by manipulating the path_om parameter through any of the listed PHP files, effectively bypassing the application's intended security boundaries. The flaw operates by concatenating user-provided URLs into the application's include or require statements without proper validation or sanitization, creating an environment where attacker-controlled content can be interpreted as executable code. This type of vulnerability is particularly dangerous because it can be exploited to gain complete control over the affected web server, potentially leading to data breaches, system compromise, or further network infiltration.
The operational impact of CVE-2010-1467 extends beyond simple code execution, as it provides attackers with a foothold for more sophisticated attacks within the target environment. Once exploited, the vulnerability allows for arbitrary file inclusion, which can be leveraged to upload backdoors, exfiltrate sensitive data, or establish persistent access to the compromised system. The vulnerability affects the entire application stack since all ten affected files share the same parameter handling flaw, making it a comprehensive compromise of the application's object model. From an attacker's perspective, this vulnerability aligns with ATT&CK technique T1505.003, "Web Shell," and T1059.007, "Command and Scripting Interpreter: PowerShell," as it enables the execution of arbitrary commands through PHP code injection. The vulnerability also represents a significant risk to healthcare data systems, given that openUrgence Vaccin is designed for medical record management, potentially exposing sensitive patient information.
Mitigation strategies for CVE-2010-1467 require immediate implementation of input validation and sanitization measures throughout the application's codebase. The primary remediation involves implementing strict parameter validation for all user-supplied inputs, particularly those used in include or require statements, ensuring that only pre-approved values are accepted. The application should implement a whitelist approach for path_om parameter values, rejecting any input that does not match expected patterns or predefined safe paths. Additionally, the application should disable remote file inclusion features entirely and ensure that all include operations use absolute paths rather than relative URLs. Security measures should include implementing proper access controls, regular code audits, and input sanitization libraries to prevent similar vulnerabilities in future development cycles. Organizations should also consider implementing web application firewalls to detect and block malicious requests attempting to exploit this vulnerability, while maintaining comprehensive logging to monitor for exploitation attempts. The vulnerability underscores the critical importance of secure coding practices and proper input validation in preventing remote code execution attacks that can compromise entire web applications.