Security issues
From MapbenderWiki
2008-03-13
A penetration test has identified two security leaks in Mapbender. These leaks have been fixed in version 2.4.5.
As a workaround, delete the file mapFiler.php in the "tools" folder, or alternatively protect the "tools" folder with a password via .htaccess.
In Mapbender 2.4.5 the "tools" folder has been moved out of the "http" folder. If required, move it back to "http", but secure it via .htaccess.
In the file "http/php/mod_gazetteer_edit.php" the SQL evaluation has to be done via prepared statements. Replace the following lines
$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = ".$_REQUEST["gaz"];
$res = db_query($sql);
by
$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = $1";
$v = array($_REQUEST["gaz"]);
$t = array("i");
$res = db_prep_query($sql, $v, $t);
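To make the effect of this change visible, the following is an added example and not Mapbender code: the same gazetteer lookup in its original string-concatenation form next to the prepared-statement form, run against an in-memory SQLite database through PDO so it executes offline. It assumes PHP with the pdo_sqlite driver; Mapbender's own db_query() and db_prep_query() wrappers are stood in for by PDO calls, and PDO uses "?" placeholders where the Mapbender wrapper uses "$1". The table contents and the request values are constructed for the demonstration.

```php
<?php
// Added example (not Mapbender code). Assumes PDO with the sqlite driver.
// Mapbender's db_query()/db_prep_query() wrappers are replaced by PDO here.

function setupDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE gazetteer (gazetteer_id INTEGER PRIMARY KEY, gazetteer_name TEXT)');
    // Constructed sample rows standing in for real gazetteer entries.
    $db->exec("INSERT INTO gazetteer VALUES (1, 'Streets'), (2, 'Rivers'), (3, 'Internal')");
    return $db;
}

// Original form: the request value is concatenated into the SQL text, so a
// value that contains SQL syntax rewrites the WHERE clause instead of being
// compared against gazetteer_id.
function lookupUnsafe(PDO $db, string $gaz): array {
    $sql = "SELECT * FROM gazetteer WHERE gazetteer_id = " . $gaz;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed form: the value is passed as a bound integer parameter and never
// becomes part of the SQL text. This mirrors db_prep_query($sql, $v, $t)
// with type "i": the placeholder is typed as an integer.
function lookupPrepared(PDO $db, string $gaz): array {
    // Reject anything that is not a plain integer before it reaches the database.
    if (filter_var($gaz, FILTER_VALIDATE_INT) === false) {
        return [];
    }
    $stmt = $db->prepare("SELECT * FROM gazetteer WHERE gazetteer_id = ?");
    $stmt->bindValue(1, (int) $gaz, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = setupDb();
$benign  = '2';          // constructed: a normal request value
$hostile = '1 OR 1=1';   // constructed: a request value carrying SQL syntax

printf("unsafe,   benign:  %d row(s)\n", count(lookupUnsafe($db, $benign)));
printf("unsafe,   hostile: %d row(s)\n", count(lookupUnsafe($db, $hostile)));
printf("prepared, benign:  %d row(s)\n", count(lookupPrepared($db, $benign)));
printf("prepared, hostile: %d row(s)\n", count(lookupPrepared($db, $hostile)));
```

Run with `php example.php`. The unsafe lookup returns every row for the hostile value because the comparison has been turned into an always-true condition, while the prepared lookup either binds a genuine integer or returns nothing; the integer check in front of the prepared statement is additional defence in depth and not a substitute for the parameter binding itself.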
Please update to version 2.4.5 as soon as possible!

