CVE-2008-0300

Mapbender 2.4-2.4.4 - Remote Code Execution via mapFiler.php Factor Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0300. PoCs published by RedTeam Pentesting.

AI-analyzed exploit summary: This exploit demonstrates a remote command execution vulnerability in Mapbender versions 2.4 to 2.4.4. It leverages insufficient input filtering in the `mapFiler.php` script to write arbitrary PHP code to a file, which can then be executed by accessing the file via a web request.

Description

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by RedTeam Pentesting · text · webapps · php
https://www.exploit-db.com/exploits/5232

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Mapbender 2.4 - 2.4.4
No auth needed
Prerequisites: Write permissions in a web-accessible directory (e.g., tmp)
devstral-2 · analyzed Feb 16, 2026

References (5)

Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5232
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28195
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41131
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29329

Scores

EPSS: 0.0199
EPSS Percentile: 78.0%

Details

CWE: CWE-94
Status: published
Products (5)
mapbender/mapbender 2.4
mapbender/mapbender 2.4.1
mapbender/mapbender 2.4.2
mapbender/mapbender 2.4.3
mapbender/mapbender 2.4.4
Published: Mar 11, 2008
Tracked Since: Feb 18, 2026