2 matches found
CVE-2025-44137
MapTiler Tileserver-php v2.0 is affected by a Directory Traversal in the renderTile function of tileserver.php. Improper sanitization of GET parameters allows crafting requests that insert ../ sequences to read arbitrary files on the server. Affected parameters include TileMatrix, TileRow, TileCo...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is affected by an unauthenticated reflected XSS in the GET parameter layer, which is echoed in an error message without HTML encoding. This allows an attacker to execute arbitrary HTML/JavaScript in a victim’s browser. Connected sources confirm the vulnerable componen...