Mapserver For Windows Local File Include Vulnerability Network Vulnerability

Summary

Mapserver for Windows (MS4W) is prone to an local file include vulnerability because it fails to sufficiently sanitize user supplied input. An attacker can exploit this vulnerability to view files and execute arbitrary local PHP scripts with the privileges of the affected application. Mapserver for Windows versions 2.0 through 3.0.4 are vulnerable.

Solution

Updates are available. Please contact the vendor for more information.

References

http://maptools.org/ms4w/index.phtml?page=home.html
http://www.securityfocus.com/archive/1/522908
http://www.securityfocus.com/bid/53737

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2950

CVSS	Base Score: 9.0 AV:N/AC:L/Au:N/C:C/I:P/A:P

Related Vulnerabilities

AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
ASP Inline Corporate Calendar SQL injection
ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
aflog Cookie-Based Authentication Bypass Vulnerability
ASP-Dev XM Event Diary Multiple Vulnerabilities

Mapserver for Windows Local File Include Vulnerability

Take action and discover your vulnerabilities