CVE-2011-2703

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
osgeomapserver
𝑥
≤ 4.10.6
osgeomapserver
4.2.0:beta1
osgeomapserver
4.4.0
osgeomapserver
4.4.0:beta1
osgeomapserver
4.4.0:beta2
osgeomapserver
4.4.0:beta3
osgeomapserver
4.6.0
osgeomapserver
4.6.0:beta1
osgeomapserver
4.6.0:beta2
osgeomapserver
4.6.0:beta3
osgeomapserver
4.6.0:rc1
osgeomapserver
4.8.0:beta1
osgeomapserver
4.8.0:beta2
osgeomapserver
4.8.0:beta3
osgeomapserver
4.8.0:rc1
osgeomapserver
4.8.0:rc2
osgeomapserver
4.10.0
osgeomapserver
4.10.0:beta1
osgeomapserver
4.10.0:beta2
osgeomapserver
4.10.0:beta3
osgeomapserver
4.10.0:rc1
osgeomapserver
4.10.1
osgeomapserver
4.10.2
osgeomapserver
4.10.3
osgeomapserver
4.10.4
osgeomapserver
4.10.5
osgeomapserver
5.0.0
osgeomapserver
5.0.0:beta1
osgeomapserver
5.0.0:beta2
osgeomapserver
5.0.0:beta3
osgeomapserver
5.0.0:beta4
osgeomapserver
5.0.0:beta5
osgeomapserver
5.0.0:beta6
osgeomapserver
5.0.0:rc1
osgeomapserver
5.0.0:rc2
osgeomapserver
5.2.0
osgeomapserver
5.2.0:beta1
osgeomapserver
5.2.0:beta2
osgeomapserver
5.2.0:beta3
osgeomapserver
5.2.0:beta4
osgeomapserver
5.2.0:rc1
osgeomapserver
5.2.1
osgeomapserver
5.4.0
osgeomapserver
5.4.0:beta1
osgeomapserver
5.4.0:beta2
osgeomapserver
5.4.0:beta3
osgeomapserver
5.4.0:beta4
osgeomapserver
5.4.0:rc1
osgeomapserver
5.4.0:rc2
osgeomapserver
5.4.1
osgeomapserver
5.4.2
osgeomapserver
5.6.0
osgeomapserver
5.6.1
osgeomapserver
5.6.3
umnmapserver
5.2.2
umnmapserver
5.2.3
umnmapserver
5.6.4
umnmapserver
5.6.5
umnmapserver
5.6.6
umnmapserver
6.0.0
umnmapserver
6.0.0:beta1
umnmapserver
6.0.0:beta2
umnmapserver
6.0.0:beta3
umnmapserver
6.0.0:beta4
umnmapserver
6.0.0:beta5
umnmapserver
6.0.0:beta6
umnmapserver
6.0.0:beta7
umnmapserver
6.0.0:rc1
umnmapserver
6.0.0:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mapserver
bullseye
7.6.2-1
fixed
bookworm
8.0.0-3
fixed
sid
8.2.2-1
fixed
trixie
8.2.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mapserver
natty
Fixed 5.6.5-2ubuntu0.1
released
maverick
Fixed 5.6.5-1ubuntu0.1
released
lucid
Fixed 5.6.1-1ubuntu1.2
released
hardy
Fixed 5.0.0-3ubuntu0.3
released
Common Weakness Enumeration
References
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
http://secunia.com/advisories/45257
http://secunia.com/advisories/45318
http://secunia.com/advisories/45368
http://trac.osgeo.org/mapserver/ticket/3903
http://www.debian.org/security/2011/dsa-2285
http://www.openwall.com/lists/oss-security/2011/07/19/11
http://www.openwall.com/lists/oss-security/2011/07/19/14
http://www.openwall.com/lists/oss-security/2011/07/20/15
http://www.securityfocus.com/bid/48720
https://bugzilla.redhat.com/show_bug.cgi?id=722545
https://bugzilla.redhat.com/show_bug.cgi?id=723293
https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
http://secunia.com/advisories/45257
http://secunia.com/advisories/45318
http://secunia.com/advisories/45368
http://trac.osgeo.org/mapserver/ticket/3903
http://www.debian.org/security/2011/dsa-2285
http://www.openwall.com/lists/oss-security/2011/07/19/11
http://www.openwall.com/lists/oss-security/2011/07/19/14
http://www.openwall.com/lists/oss-security/2011/07/20/15
http://www.securityfocus.com/bid/48720
https://bugzilla.redhat.com/show_bug.cgi?id=722545
https://bugzilla.redhat.com/show_bug.cgi?id=723293
https://exchange.xforce.ibmcloud.com/vulnerabilities/68682