CVE-2008-0300

Sažetak

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.

Reference

http://secunia.com/advisories/29329
http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php
http://www.securityfocus.com/bid/28195
https://exchange.xforce.ibmcloud.com/vulnerabilities/41131
https://www.exploit-db.com/exploits/5232

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-09-2017 - 01:30

Objavljeno

11-03-2008 - 23:44