Unrated severityNVD Advisory· Published Mar 11, 2008· Updated Apr 23, 2026

CVE-2008-0300

Description

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.

Affected products

Mapbender/Mapbender5 versions
cpe:2.3:a:mapbender:mapbender:2.4:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:mapbender:mapbender:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mapbender:mapbender:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mapbender:mapbender:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mapbender:mapbender:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mapbender:mapbender:2.4.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redteam-pentesting.de/advisories/rt-sa-2008-001.phpnvdExploit
www.securityfocus.com/bid/28195nvdExploitPatch
secunia.com/advisories/29329nvd
exchange.xforce.ibmcloud.com/vulnerabilities/41131nvd
www.exploit-db.com/exploits/5232nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000