CVE-2011-2703

critical

Description

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/68682

https://bugzilla.redhat.com/show_bug.cgi?id=723293

https://bugzilla.redhat.com/show_bug.cgi?id=722545

http://www.securityfocus.com/bid/48720

http://www.openwall.com/lists/oss-security/2011/07/20/15

http://www.openwall.com/lists/oss-security/2011/07/19/14

http://www.openwall.com/lists/oss-security/2011/07/19/11

http://www.debian.org/security/2011/dsa-2285

http://trac.osgeo.org/mapserver/ticket/3903

http://secunia.com/advisories/45368

http://secunia.com/advisories/45318

http://secunia.com/advisories/45257

http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html

Details

Source: Mitre, NVD

Published: 2011-08-01

Updated: 2021-06-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics