CVE-2007-5418

Name of the Vulnerable Software and Affected Versions: CARE2X 2G version 2.2

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the root path parameter to various PHP files, including (1) en copyrite.php, (2) vi copyrite.php, and (3) ar copyrite.php in language/ directories, and (4) class access.php, (5) class department.php, (6) class config.php, (7) class image.php, (8) class ward.php, and (9) class product.php in include/care api classes/, as well as (10) gui/smarty template/smarty care.class.php. This can be achieved through different vectors.

Recommendations: For CARE2X 2G version 2.2, consider disabling the root path parameter in the affected PHP files until a patch is available. Restrict access to the vulnerable components, such as the language/ directories and the include/care api classes/ directory, to minimize the risk of exploitation. Avoid using the root path parameter in the affected API endpoints until the issue is resolved.