CVE-2011-2703

EPSS 2.7%

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

Productos afectados

n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html https://bugzilla.redhat.com/show_bug.cgi?id=722545 https://bugzilla.redhat.com/show_bug.cgi?id=723293 http://secunia.com/advisories/45257 http://secunia.com/advisories/45318 http://secunia.com/advisories/45368 https://exchange.xforce.ibmcloud.com/vulnerabilities/68682 http://trac.osgeo.org/mapserver/ticket/3903 http://www.debian.org/security/2011/dsa-2285 http://www.openwall.com/lists/oss-security/2011/07/19/11 http://www.openwall.com/lists/oss-security/2011/07/19/14 http://www.openwall.com/lists/oss-security/2011/07/20/15