CVE-2008-0300

2008-03-1123:44:00

CWE-94

mitre

web.nvd.nist.gov

cve-2008-0300

mapbender

remote attack

php code execution

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.034

Percentile

91.5%

JSON

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.

Affected configurations

Nvd

Node

mapbendermapbenderMatch2.4

mapbendermapbenderMatch2.4.1

mapbendermapbenderMatch2.4.2

mapbendermapbenderMatch2.4.3

mapbendermapbenderMatch2.4.4

VendorProductVersionCPE
mapbendermapbender2.4cpe:2.3:a:mapbender:mapbender:2.4:*:*:*:*:*:*:*
mapbendermapbender2.4.1cpe:2.3:a:mapbender:mapbender:2.4.1:*:*:*:*:*:*:*
mapbendermapbender2.4.2cpe:2.3:a:mapbender:mapbender:2.4.2:*:*:*:*:*:*:*
mapbendermapbender2.4.3cpe:2.3:a:mapbender:mapbender:2.4.3:*:*:*:*:*:*:*
mapbendermapbender2.4.4cpe:2.3:a:mapbender:mapbender:2.4.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mapbender	mapbender	2.4	cpe:2.3:a:mapbender:mapbender:2.4:::::::*
mapbender	mapbender	2.4.1	cpe:2.3:a:mapbender:mapbender:2.4.1:::::::*
mapbender	mapbender	2.4.2	cpe:2.3:a:mapbender:mapbender:2.4.2:::::::*
mapbender	mapbender	2.4.3	cpe:2.3:a:mapbender:mapbender:2.4.3:::::::*
mapbender	mapbender	2.4.4	cpe:2.3:a:mapbender:mapbender:2.4.4:::::::*