CVE-2011-2703 — SQL Injection in Mapserver

CWE-89 — SQL Injection6 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.6%

top 18.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Osgeo Mapserver Debian Mapserver UMN Mapserver

Timeline

PublishedAug 1

Latest updateMay 13

Description

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/mapserver< mapserver 6.0.1-1 (bookworm)

▶Debianosgeo/mapserver< 6.0.1-1+3

▶NVDosgeo/mapserver4.10.6+19

▶NVDumn/mapserver6 versions+5

Patches

Patch: lists.osgeo.org ↗Patch: trac.osgeo.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-q35g-3274-mvw4: Multiple SQL injection vulnerabilities in MapServer before 4↗2022-05-13

▶

OSV

CVE-2011-2703: Multiple SQL injection vulnerabilities in MapServer before 4↗2011-08-01

▶

💥Exploits & PoCs

Exploit-DB

HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Remote Buffer Overflow (Metasploit)↗2011-03-23

▶

📋Vendor Advisories

Debian

CVE-2011-2703: mapserver - Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5....↗2011

▶

💬Community

Bugzilla

CVE-2011-2703 CVE-2011-2704 CVE-2011-2975 MapServer (v6.0.1, v5.6.7 and v4.10.7): Multiple SQL injections and one (stack-based) buffer overflow flaw↗2011-07-19

▶