CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
72.9%
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
Vendor | Product | Version | CPE |
---|---|---|---|
osgeo | mapserver | * | cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:* |
osgeo | mapserver | 4.2.0 | cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:* |
osgeo | mapserver | 4.4.0 | cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:* |
osgeo | mapserver | 4.4.0 | cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:* |
osgeo | mapserver | 4.4.0 | cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:* |
osgeo | mapserver | 4.4.0 | cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:* |
osgeo | mapserver | 4.6.0 | cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:* |
osgeo | mapserver | 4.6.0 | cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:* |
osgeo | mapserver | 4.6.0 | cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:* |
osgeo | mapserver | 4.6.0 | cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:* |
lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
secunia.com/advisories/45257
secunia.com/advisories/45318
secunia.com/advisories/45368
trac.osgeo.org/mapserver/ticket/3903
www.debian.org/security/2011/dsa-2285
www.openwall.com/lists/oss-security/2011/07/19/11
www.openwall.com/lists/oss-security/2011/07/19/14
www.openwall.com/lists/oss-security/2011/07/20/15
www.securityfocus.com/bid/48720
bugzilla.redhat.com/show_bug.cgi?id=722545
bugzilla.redhat.com/show_bug.cgi?id=723293
exchange.xforce.ibmcloud.com/vulnerabilities/68682