CVE-2008-0300

Name of the Vulnerable Software and Affected Versions Mapbender versions 2.4 through 2.4.4

Description The issue allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter. This occurs because the sequences are not properly handled when accessing a filename that contains those sequences.

Recommendations For Mapbender versions 2.4 through 2.4.4, consider restricting access to the mapFiler.php file until a patch is available. As a temporary workaround, avoid using the factor parameter in the affected API endpoint until the issue is resolved.