Multiple SQL Injection Vulnerabilities in MapServer from OSGeo
CVE-2011-2703

Currently unrated

Key Information:

Vendor: Osgeo
Status: Mapserver
Vendor: CVE Published:; 1 August 2011

What is CVE-2011-2703?

Multiple SQL injection vulnerabilities exist in MapServer versions prior to 4.10.7, 5.6.7, and 6.0.1. These vulnerabilities can be exploited by remote attackers through specially crafted inputs related to OGC filter encoding and WMS time support, potentially allowing the execution of arbitrary SQL code on the database. This poses a significant security risk for applications relying on these versions of MapServer, as it may lead to unauthorized access to sensitive data or manipulation of the database.

References

http://secunia.com/advisories/45318

third-party-advisoryx_refsource_SECUNIA

http://trac.osgeo.org/mapserver/ticket/3903

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2011/07/19/11

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2011
Vulnerability Reserved
Jul 11, 2011

CVE-2011-2703 Data

JSON

Osgeo

What is CVE-2011-2703?

References

Timeline