CVE-2010-1945 in openFoncier
Summary
by MITRE
Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) action.class.php, (2) architecte.class.php, (3) avis.class.php, (4) bible.class.php, and (5) blocnote.class.php in obj/.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 10/21/2025
The CVE-2010-1945 vulnerability represents a critical remote file inclusion flaw affecting openMairie Openfoncier 2.00 software when the PHP register_globals directive is enabled. This vulnerability stems from improper input validation and sanitization within multiple class files that handle file operations. The flaw specifically targets the path_om parameter which is used to construct file paths for various object classes including action.class.php, architecte.class.php, avis.class.php, bible.class.php, and blocnote.class.php located in the obj/ directory structure. When register_globals is enabled, PHP automatically creates global variables from request data, creating a dangerous condition where user-supplied input can directly influence the execution flow of the application.
The technical exploitation of this vulnerability occurs through manipulation of the path_om parameter to inject malicious URLs that point to remote resources. When the application processes these parameters without proper validation, it incorporates the attacker-controlled URL into file inclusion operations, allowing remote code execution. This represents a classic remote file inclusion (RFI) vulnerability that falls under CWE-88, which describes improper neutralization of special elements used in an expression in a way that can lead to the execution of arbitrary code. The vulnerability is particularly dangerous because it affects multiple files within the application's object-oriented structure, providing attackers with multiple potential attack vectors.
The operational impact of this vulnerability is severe as it allows remote attackers to execute arbitrary PHP code on the target server with the privileges of the web application. This can lead to complete system compromise, data theft, server takeover, and further lateral movement within the network. Attackers can leverage this vulnerability to establish persistent backdoors, exfiltrate sensitive data, or deploy additional malicious payloads. The vulnerability's exploitation becomes even more dangerous when considering that register_globals was historically enabled on many production servers, making the attack surface significantly larger. This aligns with ATT&CK technique T1190 which describes the use of remote file inclusion to execute arbitrary code on compromised systems.
Mitigation strategies for CVE-2010-1945 require immediate implementation of multiple security controls. The most effective immediate fix involves disabling the register_globals directive in the PHP configuration, which eliminates the root cause of the vulnerability. Additionally, input validation and sanitization should be implemented across all parameter handling functions to prevent malicious URLs from being processed. The application should implement proper file path validation using allowlists of acceptable paths rather than accepting arbitrary user input for file operations. Regular security audits and code reviews should be conducted to identify similar vulnerabilities in other components. Organizations should also implement network segmentation and monitoring to detect unauthorized access attempts. The vulnerability demonstrates the critical importance of following secure coding practices and avoiding deprecated PHP configurations that create dangerous attack vectors, as outlined in the OWASP Top Ten and various secure coding guidelines.