CVE-2007-5418 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-5418
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5418

Description: Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5) class_department.php, (6) class_config.php, (7) class_image.php, (8) class_ward.php, and (9) class_product.php in include/care_api_classes/; (10) gui/smarty_template/smarty_care.class.php; and possibly other components, different vectors than CVE-2007-1458.

CVE Status: Candidate

References: SREASON http://securityreason.com/securityalert/3216 OSVDB 43639 43640 43641 43642 43643 43644 43645 43646 43647 43648 MISC http://securityvulns.com/Rdocument960.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/482006/100/0/threaded

Return to the previous page.