Loading
Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.
Use CWE-22, Osgeo vendor hub and Mapserver product page to widen CVE-2009-0841 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2010-2540, CVE-2017-5522 and CVE-2025-59431 for nearby disclosures in the same product family.