{ "schema_version": "1.4.0", "id": "GHSA-c8jh-w9vh-3vj2", "modified": "2022-05-01T18:33:08Z", "published": "2022-05-01T18:33:08Z", "aliases": [ "CVE-2007-5418" ], "details": "Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5) class_department.php, (6) class_config.php, (7) class_image.php, (8) class_ward.php, and (9) class_product.php in include/care_api_classes/; (10) gui/smarty_template/smarty_care.class.php; and possibly other components, different vectors than CVE-2007-1458.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5418" }, { "type": "WEB", "url": "http://osvdb.org/43639" }, { "type": "WEB", "url": "http://osvdb.org/43640" }, { "type": "WEB", "url": "http://osvdb.org/43641" }, { "type": "WEB", "url": "http://osvdb.org/43642" }, { "type": "WEB", "url": "http://osvdb.org/43643" }, { "type": "WEB", "url": "http://osvdb.org/43644" }, { "type": "WEB", "url": "http://osvdb.org/43645" }, { "type": "WEB", "url": "http://osvdb.org/43646" }, { "type": "WEB", "url": "http://osvdb.org/43647" }, { "type": "WEB", "url": "http://osvdb.org/43648" }, { "type": "WEB", "url": "http://securityreason.com/securityalert/3216" }, { "type": "WEB", "url": "http://securityvulns.com/Rdocument960.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded" } ], "database_specific": { "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2007-10-12T21:17:00Z" } }