CVE-2010-1999 in Opencatalogue
Summary
by MITRE
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 10/20/2025
The vulnerability identified as CVE-2010-1999 represents a critical directory traversal flaw within the OpenMairie Opencatalogue 1.024 web application. This weakness specifically affects the scr/soustab.php script and exploits the dangerous combination of register_globals being enabled in the php.ini configuration. The vulnerability allows remote attackers to manipulate the dsn[phptype] parameter through carefully crafted directory traversal sequences, potentially enabling arbitrary local file inclusion and execution. This type of vulnerability falls under the category of CWE-22 Directory Traversal and specifically aligns with CWE-426 Unrestricted File Upload, as it permits attackers to bypass normal access controls and execute malicious code on the target system.
The technical exploitation of this vulnerability occurs when the application processes user-supplied input through the dsn[phptype] parameter without proper sanitization or validation. When register_globals is enabled, the application inadvertently creates global variables from GET, POST, and cookie data, making it easier for attackers to manipulate the application's behavior. The directory traversal sequences allow attackers to navigate upward in the file system hierarchy, potentially accessing sensitive files such as configuration files, database credentials, or system files that should remain inaccessible. This vulnerability is particularly dangerous because it can be leveraged to execute arbitrary code on the target server, effectively providing attackers with a backdoor into the system and potentially full administrative control.
The operational impact of this vulnerability extends beyond simple unauthorized file access, as it can lead to complete system compromise and data exfiltration. Attackers can leverage this flaw to gain access to sensitive information stored within the application's database, potentially including user credentials, personal information, or proprietary data. The vulnerability can also be used to establish persistent access through the deployment of web shells or other malicious payloads. According to the MITRE ATT&CK framework, this vulnerability maps to T1059 Command and Scripting Interpreter and T1566 Impair Defenses, as it allows for command execution and can be used to disable or bypass security controls. The attack surface is particularly concerning in environments where register_globals remains enabled, as this configuration is considered deprecated and dangerous in modern PHP deployments.
Mitigation strategies for CVE-2010-1999 should focus on immediate remediation of the underlying configuration and code-level fixes. The most effective immediate solution is to disable register_globals in the php.ini configuration file, which removes the primary condition that enables this attack vector. Additionally, comprehensive input validation and sanitization should be implemented throughout the application to prevent directory traversal sequences from being processed. The application code should be updated to properly escape or filter all user-supplied input, particularly parameters that control file inclusion operations. Security patches should be applied to upgrade to a newer version of OpenMairie Opencatalogue that addresses this vulnerability. Network-level mitigations such as web application firewalls and intrusion prevention systems can provide additional protection by detecting and blocking suspicious directory traversal attempts. Organizations should also implement proper access controls and file permissions to limit the impact of successful exploitation attempts. The vulnerability demonstrates the critical importance of following secure coding practices and avoiding deprecated PHP configurations that introduce unnecessary security risks into web applications.