CVE-2008-0300 Information

Description

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter which are not properly handled when accessing a filename that contains those sequences.

Reference

http://secunia.com/advisories/29329 http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php http://www.securityfocus.com/bid/28195 https://exchange.xforce.ibmcloud.com/vulnerabilities/41131 https://www.exploit-db.com/exploits/5232