Name of the Vulnerable Software and Affected Versions:
MapTiler Tileserver-php version 2.0
Description:
MapTiler Tileserver-php version 2.0 is vulnerable to Directory Traversal. The `renderTile` function within `tileserver.php` is responsible for delivering tiles stored as files on the server in response to web requests. The way the file path is constructed allows "../" to be inserted, which enables reading any file on the web server. The affected GET parameters are `TileMatrix`, `TileRow`, `TileCol`, and `Format`.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
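One way to look for requests that carry "../" in the affected parameters, as an added example that is not part of the original advisory or the project's code: it scans web server access logs for the four parameter names listed above. The combined log format, the request path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# GET parameters named in the advisory (matched case-insensitively).
AFFECTED = {"tilematrix", "tilerow", "tilecol", "format"}
# Request target inside a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines: one normal tile request, one with percent-encoded
# "../" and one with doubly encoded "../" in an affected parameter.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /tileserver.php?TileMatrix=3&TileRow=2&TileCol=5&Format=png HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /tileserver.php?TileMatrix=3&TileRow=2&TileCol=..%2F..%2Fx&Format=png HTTP/1.1" 200 311
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /tileserver.php?tilematrix=..%252F..%252Fx&TileRow=2&TileCol=5&Format=png HTTP/1.1" 404 0
"""

def has_traversal(value: str) -> bool:
    """True if value contains a '..' path segment, also after extra decoding."""
    for _ in range(4):  # check the value and up to three further decodings
        if ".." in re.split(r"[\\/]", value):
            return True
        decoded = unquote(value)
        if decoded == value:
            return False
        value = decoded
    return False

def flag_line(line: str) -> list[str]:
    """Return the affected parameter names that carry traversal in one line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qsl already removes one layer of percent-encoding from each value.
    return sorted({k for k, v in parse_qsl(query, keep_blank_values=True)
                   if k.lower() in AFFECTED and has_traversal(v)})

def scan(log_text: str) -> list[tuple[int, list[str]]]:
    """Return (line number, flagged parameters) for every suspicious line."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        params = flag_line(line)
        if params:
            hits.append((n, params))
    return hits

if __name__ == "__main__":
    for n, params in scan(SAMPLE_LOG):
        print(f"line {n}: traversal in {', '.join(params)}")
```

A hit with a 200 status and an unusual response size for a tile is worth reviewing first, since it may indicate that a file outside the tile directory was returned.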