PT-2008-1943 · Osgeo · Mapbender
Published
2008-03-11
·
Updated
2018-10-15
·
CVE-2008-0301
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Mapbender version 2.4.4
Description
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the
gaz parameter to the "/mod gazetteer edit.php" API endpoint and potentially other unspecified vectors.Recommendations
For Mapbender version 2.4.4, consider restricting access to the
/mod gazetteer edit.php endpoint and avoid using the gaz parameter until a fix is available.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mapbender