CNNVD-202510-2931 Information
CNNVD ID
CNNVD-202510-2931
Related CVE
- CNNVD Published: 2025-10-22
Description
Esri ArcGIS Server is an enterprise-level, web-oriented software platform from Esri for providing geographic location services. Esri ArcGIS Server versions 11.3, 11.4 and 11.5 contain a SQL injection vulnerability. The vulnerability stems from unvalidated input in specific ArcGIS feature service operations and may lead to SQL injection attacks.
Hazard Level
Low
Vulnerability Type
SQL injection
Affected Vendor
Environmental Systems Research Institute
Published
2025-10-22
Last Modified
2026-02-24
References
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-feature-services-security-patch
https://vigilance.fr/vulnerability/ArcGIS-Server-SQL-injection-dated-08-10-2025-48410
Patch
https://www.esri.com/en-us/home