Intrusion Prevention

CARE2X.Remote.File.Inclusion

Description

It indicates a possible exploit of a PHP remote file inclusion vulnerability in CARE2X.
This flaw is due to input validation errors in "include/inc_news_save.php" when processing the "root_path" parameter.

Affected Products

CARE2X version 2.2.2 and prior.

Impact

The execution of arbitrary PHP code on the system.

Recommended Actions

Currently we are not aware of any official supplied fix for this issue.

CVE References

CVE-2007-1458