Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for mapbender by mapbender
FKIE_CVE-2008-0301
Vulnerability from fkie_nvd - Published: 2008-03-11 23:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mapbender:mapbender:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B6B556A-9697-49EE-8C02-68367E6E0DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "234EFEA2-A7E5-4C26-AB6D-6CAA5D87AE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "939816A3-FDFB-436E-B264-9563DAF17EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22158443-4914-4CCC-827E-DF1CCA7102FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03315A84-729C-4DF6-A7B3-98F13DA9F2D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Mapbender versi\u00f3n 2.4.4, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio del par\u00e1metro gaz para el archivo mod_gazetteer_edit.php y otros vectores no especificados."
}
],
"id": "CVE-2008-0301",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-11T23:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=120523564611595\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29329"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3728"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489383/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28193"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41139"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=120523564611595\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489383/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5233"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0300
Vulnerability from fkie_nvd - Published: 2008-03-11 23:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mapbender:mapbender:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B6B556A-9697-49EE-8C02-68367E6E0DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "234EFEA2-A7E5-4C26-AB6D-6CAA5D87AE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "939816A3-FDFB-436E-B264-9563DAF17EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22158443-4914-4CCC-827E-DF1CCA7102FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03315A84-729C-4DF6-A7B3-98F13DA9F2D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences."
},
{
"lang": "es",
"value": "mapFiler.php en Mapbender 2.4 hasta 2.4.4 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante secuencias de c\u00f3digo PHP en el par\u00e1metro factor, que no esta correctamente manejado cuando se accede al nombre del fichero que contiene esa secuencia."
}
],
"id": "CVE-2008-0300",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-11T23:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29329"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/28195"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41131"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/28195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5232"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-0300 (GCVE-0-2008-0300)
Vulnerability from cvelistv5 – Published: 2008-03-11 23:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2008-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php"
},
{
"name": "5232",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5232"
},
{
"name": "28195",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28195"
},
{
"name": "mapbender-mapfiler-code-execution(41131)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41131"
},
{
"name": "29329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php"
},
{
"name": "5232",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5232"
},
{
"name": "28195",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28195"
},
{
"name": "mapbender-mapfiler-code-execution(41131)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41131"
},
{
"name": "29329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php"
},
{
"name": "5232",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5232"
},
{
"name": "28195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28195"
},
{
"name": "mapbender-mapfiler-code-execution(41131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41131"
},
{
"name": "29329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0300",
"datePublished": "2008-03-11T23:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:34.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0301 (GCVE-0-2008-0301)
Vulnerability from cvelistv5 – Published: 2008-03-11 23:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2008-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5233",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5233"
},
{
"name": "28193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28193"
},
{
"name": "3728",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3728"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php"
},
{
"name": "mapbender-gaz-sql-injection(41139)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41139"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=120523564611595\u0026w=2"
},
{
"name": "29329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29329"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489383/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5233",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5233"
},
{
"name": "28193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28193"
},
{
"name": "3728",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3728"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php"
},
{
"name": "mapbender-gaz-sql-injection(41139)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41139"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=120523564611595\u0026w=2"
},
{
"name": "29329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29329"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489383/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5233",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5233"
},
{
"name": "28193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28193"
},
{
"name": "3728",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3728"
},
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php"
},
{
"name": "mapbender-gaz-sql-injection(41139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41139"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=120523564611595\u0026w=2"
},
{
"name": "29329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29329"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489383/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0301",
"datePublished": "2008-03-11T23:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:34.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0300 (GCVE-0-2008-0300)
Vulnerability from nvd – Published: 2008-03-11 23:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2008-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php"
},
{
"name": "5232",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5232"
},
{
"name": "28195",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28195"
},
{
"name": "mapbender-mapfiler-code-execution(41131)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41131"
},
{
"name": "29329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php"
},
{
"name": "5232",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5232"
},
{
"name": "28195",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28195"
},
{
"name": "mapbender-mapfiler-code-execution(41131)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41131"
},
{
"name": "29329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php"
},
{
"name": "5232",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5232"
},
{
"name": "28195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28195"
},
{
"name": "mapbender-mapfiler-code-execution(41131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41131"
},
{
"name": "29329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0300",
"datePublished": "2008-03-11T23:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:34.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0301 (GCVE-0-2008-0301)
Vulnerability from nvd – Published: 2008-03-11 23:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2008-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5233",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5233"
},
{
"name": "28193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28193"
},
{
"name": "3728",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3728"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php"
},
{
"name": "mapbender-gaz-sql-injection(41139)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41139"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=120523564611595\u0026w=2"
},
{
"name": "29329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29329"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489383/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5233",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5233"
},
{
"name": "28193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28193"
},
{
"name": "3728",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3728"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php"
},
{
"name": "mapbender-gaz-sql-injection(41139)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41139"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=120523564611595\u0026w=2"
},
{
"name": "29329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29329"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489383/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5233",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5233"
},
{
"name": "28193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28193"
},
{
"name": "3728",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3728"
},
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php"
},
{
"name": "mapbender-gaz-sql-injection(41139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41139"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=120523564611595\u0026w=2"
},
{
"name": "29329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29329"
},
{
"name": "20080311 Advisory: SQL-Injections in Mapbender",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489383/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0301",
"datePublished": "2008-03-11T23:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:34.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}