CVE-2008-0300

Published: Mar 11, 2008Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.

Affected (5)

Products: Mapbender: Mapbender

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mapbender Mapbender	Version 2.4.1
Mapbender Mapbender	Version 2.4.2
Mapbender Mapbender	Version 2.4.3
Mapbender Mapbender	Version 2.4.4
Mapbender Mapbender	Version 2.4

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

http://secunia.com/advisories/29329

Source: cve@mitre.org

http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/28195

Source: cve@mitre.org

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/41131

Source: cve@mitre.org

https://www.exploit-db.com/exploits/5232

Source: cve@mitre.org

http://secunia.com/advisories/29329

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/28195

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/41131

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/5232

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.