Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0300

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-0300
Last Modified 07 Mar 2011 10:04:17
Published 11 Mar 2008 07:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0300

Summary

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.

Vulnerable Systems

Application

  • Mapbender 2.4

  • Mapbender 2.4.1

  • Mapbender 2.4.2

  • Mapbender 2.4.3

  • Mapbender 2.4.4


References

BID - 28195

XF - mapbender-mapfilter-code-execution(41131)

XF - mapbender-mapfiler-code-execution(41131)

MISC - http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php

MILW0RM - 5232

SECUNIA - 29329


Last Updated: 27 May 2016 10:46:45