PHP Remote File Inclusion Vulnerability in CARE2X by Care2X
CVE-2007-1458

Currently unrated

Key Information:

Vendor

Care2x

Status
Care2x
Vendor
CVE Published:
14 March 2007

What is CVE-2007-1458?

CARE2X 1.1 is affected by multiple PHP remote file inclusion vulnerabilities, which allow attackers to execute arbitrary PHP code remotely. The vulnerabilities arise from improper handling of the 'root_path' parameter in various PHP files such as 'inc_checkdate_lang.php', 'inc_currency_set.php', and others. This exposure provides a vector for unauthorized access and potential system compromise, making it essential for users of CARE2X to apply necessary security patches or updates.

References

http://secunia.com/advisories/24481
third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/32981
vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/462808/100/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.