CVE-2008-0300

{"id": "CVE-2008-0300", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-11T23:44:00.000", "references": [{"url": "http://secunia.com/advisories/29329", "source": "cve@mitre.org"}, {"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28195", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41131", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5232", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29329", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28195", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41131", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/5232", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences."}, {"lang": "es", "value": "mapFiler.php en Mapbender 2.4 hasta 2.4.4 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante secuencias de c\u00f3digo PHP en el par\u00e1metro factor, que no esta correctamente manejado cuando se accede al nombre del fichero que contiene esa secuencia."}], "lastModified": "2024-11-21T00:41:37.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mapbender:mapbender:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B6B556A-9697-49EE-8C02-68367E6E0DDE"}, {"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "234EFEA2-A7E5-4C26-AB6D-6CAA5D87AE7D"}, {"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "939816A3-FDFB-436E-B264-9563DAF17EB9"}, {"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22158443-4914-4CCC-827E-DF1CCA7102FB"}, {"criteria": "cpe:2.3:a:mapbender:mapbender:2.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03315A84-729C-4DF6-A7B3-98F13DA9F2D5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}