Unrated severityNVD Advisory· Published Oct 12, 2007· Updated Apr 23, 2026

CVE-2007-5418

Description

Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5) class_department.php, (6) class_config.php, (7) class_image.php, (8) class_ward.php, and (9) class_product.php in include/care_api_classes/; (10) gui/smarty_template/smarty_care.class.php; and possibly other components, different vectors than CVE-2007-1458.

Affected products

Care2x/2g
cpe:2.3:a:care2x:2g:2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securityvulns.com/Rdocument960.htmlnvdExploit
osvdb.org/43639nvd
osvdb.org/43640nvd
osvdb.org/43641nvd
osvdb.org/43642nvd
osvdb.org/43643nvd
osvdb.org/43644nvd
osvdb.org/43645nvd
osvdb.org/43646nvd
osvdb.org/43647nvd
osvdb.org/43648nvd
securityreason.com/securityalert/3216nvd
www.securityfocus.com/archive/1/482006/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000