CVE-2013-7262 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Vendor	Product	Version
osgeo	mapserver	𝑥 ≤ 6.4.0
osgeo	mapserver	4.2.0:beta1
osgeo	mapserver	4.4.0
osgeo	mapserver	4.4.0:beta1
osgeo	mapserver	4.4.0:beta2
osgeo	mapserver	4.4.0:beta3
osgeo	mapserver	4.6.0
osgeo	mapserver	4.6.0:beta1
osgeo	mapserver	4.6.0:beta2
osgeo	mapserver	4.6.0:beta3
osgeo	mapserver	4.6.0:rc1
osgeo	mapserver	4.8.0:beta1
osgeo	mapserver	4.8.0:beta2
osgeo	mapserver	4.8.0:beta3
osgeo	mapserver	4.8.0:rc1
osgeo	mapserver	4.8.0:rc2
osgeo	mapserver	4.10.0
osgeo	mapserver	4.10.0:beta1
osgeo	mapserver	4.10.0:beta2
osgeo	mapserver	4.10.0:beta3
osgeo	mapserver	4.10.0:rc1
osgeo	mapserver	4.10.1
osgeo	mapserver	4.10.2
osgeo	mapserver	4.10.3
osgeo	mapserver	4.10.4
osgeo	mapserver	4.10.5
osgeo	mapserver	5.0.0
osgeo	mapserver	5.0.0:beta1
osgeo	mapserver	5.0.0:beta2
osgeo	mapserver	5.0.0:beta3
osgeo	mapserver	5.0.0:beta4
osgeo	mapserver	5.0.0:beta5
osgeo	mapserver	5.0.0:beta6
osgeo	mapserver	5.0.0:rc1
osgeo	mapserver	5.0.0:rc2
osgeo	mapserver	5.2.0
osgeo	mapserver	5.2.0:beta1
osgeo	mapserver	5.2.0:beta2
osgeo	mapserver	5.2.0:beta3
osgeo	mapserver	5.2.0:beta4
osgeo	mapserver	5.2.0:rc1
osgeo	mapserver	5.2.1
osgeo	mapserver	5.4.0
osgeo	mapserver	5.4.0:beta1
osgeo	mapserver	5.4.0:beta2
osgeo	mapserver	5.4.0:beta3
osgeo	mapserver	5.4.0:beta4
osgeo	mapserver	5.4.0:rc1
osgeo	mapserver	5.4.0:rc2
osgeo	mapserver	5.4.1
osgeo	mapserver	5.4.2
osgeo	mapserver	5.6.0
osgeo	mapserver	5.6.1
osgeo	mapserver	5.6.3
osgeo	mapserver	6.0.1
osgeo	mapserver	6.0.2
osgeo	mapserver	6.0.3
osgeo	mapserver	6.2.0
osgeo	mapserver	6.2.1
umn	mapserver	5.2.3
umn	mapserver	5.6.7
umn	mapserver	6.0.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

mapserver

bullseye	7.6.2-1 fixed
bookworm	8.0.0-3 fixed
sid	8.2.2-1 fixed
trixie	8.2.2-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

mapserver

saucy	Fixed 6.2.1-3ubuntu0.1 released
raring	Fixed 6.0.1-3.2ubuntu0.13.04.1 released
quantal	Fixed 6.0.1-3.2ubuntu0.12.10.1 released
precise	Fixed 6.0.1-2ubuntu1.1 released
lucid	ignored

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1

http://www.securityfocus.com/bid/64671

https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed

https://github.com/mapserver/mapserver/issues/4834

http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1

http://www.securityfocus.com/bid/64671

https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed

https://github.com/mapserver/mapserver/issues/4834