Unrated severityNVD Advisory· Published May 24, 2007· Updated Apr 23, 2026

CVE-2007-2859

Description

Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts.

Affected products

Simpgb/Simpgb
cpe:2.3:a:simpgb:simpgb:1.46.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.xmors-seurity.com/advisory/SimpGB%28rfi%29.txtnvdURL Repurposed
osvdb.org/38101nvd
osvdb.org/38102nvd
osvdb.org/38103nvd
osvdb.org/38104nvd
osvdb.org/38105nvd
osvdb.org/38106nvd
osvdb.org/38107nvd
osvdb.org/38108nvd
securityreason.com/securityalert/2735nvd
www.attrition.org/pipermail/vim/2007-May/001626.htmlnvd
www.securityfocus.com/archive/1/469219/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/34428nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000