Changes between Initial Version and Version 1 of Ticket #195


Ignore:
Timestamp:
Mar 13, 2008, 2:23:41 AM (16 years ago)
Author:
christoph
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #195 – Description

    initial v1  
    66
    77
    8 Details
    9 =======
     8== Details ==
    109
    1110Product: Mapbender
     
    2221
    2322
    24 Introduction
    25 ============
     23== Introduction ==
    2624
    2725"Mapbender is the software and portal site for geodata management of OGC
     
    3735
    3836
    39 More Details
    40 ============
     37== More Details ==
    4138
    4239The Mapbender software comes with a script mapFiler.php, which is
     
    5148
    5249
    53 Proof of Concept
    54 ================
     50== Proof of Concept ==
    5551
    5652For this example, the user account which is used to execute php scripts
     
    9086
    9187
    92 Workaround
    93 ==========
     88== Workaround ==
    9489
    9590If not needed, the mapfiler.php script can be removed. Otherwise, it can
     
    9792
    9893
    99 Fix
    100 ===
     94== Fix ==
    10195
    10296The vulnerability is fixed in release 2.4.5 rc1.
    10397
    10498
    105 Security Risk
    106 =============
     99== Security Risk ==
    107100
    108101The security risk is rated as high. An attacker can execute arbitrary
     
    110103
    111104
    112 History
    113 =======
     105== History ==
    114106
    1151072007-12-14 Problem identified during a penetration test
     
    120112
    121113
    122 RedTeam Pentesting GmbH
    123 =======================
     114== RedTeam Pentesting GmbH ==
    124115
    125116RedTeam Pentesting is offering individual penetration tests, short