CNNVD-202509-3170 Information
CNNVD ID
CNNVD-202509-3170
Related CVE
- CNNVD Published: 2025-09-19
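Description (translated from Chinese)
MapServer is an open source platform from the Open Source Geospatial Foundation (OSGeo) for publishing spatial data and interactive map applications to the web. MapServer versions before 8.4.1 contain a SQL injection vulnerability. It stems from a boolean-based SQL injection in the PropertyName of the XML Filter Query directive: the expression check can be bypassed by introducing a double-quote character, which may lead to manipulation of back-end database queries.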
Description (English)
MapServer is an open source platform from the Open Source Geospatial Foundation (OSGeo) for publishing spatial data and interactive map applications to the web. MapServer versions before 8.4.1 have a SQL injection vulnerability, which originates from a boolean-based SQL injection in the PropertyName of the XML Filter Query directive. The expression check can be circumvented by introducing double-quote characters, which could lead to manipulation of back-end database queries.
Hazard Level
High
Vulnerability Type
SQL Injection
Affected Vendor
Ossur
Published
2025-09-19
Last Modified
2026-02-24
References
https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w
Patch
https://mapserver.org/download.html