CVE-2011-2703 Information

Description

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

Reference

http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
http://secunia.com/advisories/45257
http://secunia.com/advisories/45318
http://secunia.com/advisories/45368
http://trac.osgeo.org/mapserver/ticket/3903
http://www.debian.org/security/2011/dsa-2285
http://www.openwall.com/lists/oss-security/2011/07/19/11
http://www.openwall.com/lists/oss-security/2011/07/19/14
http://www.openwall.com/lists/oss-security/2011/07/20/15
http://www.securityfocus.com/bid/48720
https://bugzilla.redhat.com/show_bug.cgi?id=722545
https://bugzilla.redhat.com/show_bug.cgi?id=723293
https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
