CVE-2007-5786 : Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote

Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php.

Published 2007-11-01 16:46:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2007-5786

A-enterprise » Gosamba » Version: 1.0.1
cpe:2.3:a:a-enterprise:gosamba:1.0.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-5786

EPSS FAQ

1.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-5786

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2007-5786

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-5786

Jump to

Vulnerability Details : CVE-2007-5786

Products affected by CVE-2007-5786

Exploit prediction scoring system (EPSS) score for CVE-2007-5786

CVSS scores for CVE-2007-5786

CWE ids for CVE-2007-5786

References for CVE-2007-5786