Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
secunia.com/advisories/45257
secunia.com/advisories/45318
secunia.com/advisories/45368
trac.osgeo.org/mapserver/ticket/3903
www.debian.org/security/2011/dsa-2285
www.openwall.com/lists/oss-security/2011/07/19/11
www.openwall.com/lists/oss-security/2011/07/19/14
www.openwall.com/lists/oss-security/2011/07/20/15
www.securityfocus.com/bid/48720
bugzilla.redhat.com/show_bug.cgi?id=722545
bugzilla.redhat.com/show_bug.cgi?id=723293
exchange.xforce.ibmcloud.com/vulnerabilities/68682