vendor:
Mapbender
by:
RedTeam Pentesting
7.5
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: Mapbender
Affected Version From: 2.4
Affected Version To: 2.4.2004
Patch Exists: YES
Related CWE: CVE-2008-0300
CPE: 2.4:Mapbender
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008
Advisory: Remote Command Execution in Mapbender
An unauthorized user can create arbitrary PHP-files on the Mapbender webserver, which can later be executed. Due to the lack of input filtering, an attacker is able to enter valid PHP code in the 'factor' input field. This PHP code is written into a newly generated file in the Mapbender webfolder. Therefore, it is possible to remotely execute the code by requesting the new file.
Mitigation:
The vendor has released a fixed version (2.4.5rc1) to address this vulnerability.