CVE-2007-5786

Name of the Vulnerable Software and Affected Versions GoSamba version 1.0.1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the include path parameter to various PHP files, including (1) HTML oben.php, (2) inc freigabe.php, (3) inc freigabe1.php, (4) inc freigabe3.php, (5) inc group.php, (6) inc manager.php, (7) inc newgroup.php, (8) inc smb conf.php, (9) inc user.php, and (10) main.php.

Recommendations As a temporary workaround, consider restricting access to the include path parameter in the affected PHP files until a patch is available. Avoid using the include path parameter in the affected API endpoints until the issue is resolved. Restrict access to the vulnerable PHP files to minimize the risk of exploitation.