"Mapbender is the software and portal site for geodata management of OGC OWS architectures. The software provides web technology for managing spatial data services implemented in PHP, JavaScript and XML. It provides a data model and interfaces for displaying, navigating and querying OGC compliant map services. The Mapbender framework furthermore provides authentication and authorization services, OWS proxy functionality, management interfaces for user, group and service administration in WebGIS projects." During a penetration test RedTeam Pentesting discovered a remote command execution vulnerability in Mapbender. An unauthorized user can create arbitrary PHP-files on the Mapbender webserver, which can later be executed.

http://www.securiteam.com/unixfocus/5MP0F0KNPO.html