CVE-2013-7262

Sažetak

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.

Reference

https://github.com/mapserver/mapserver/issues/4834
http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1
https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed
http://www.securityfocus.com/bid/64671

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-06-2021 - 15:56

Objavljeno

05-01-2014 - 20:55