cbcvebase.
CVE-2013-7262
published 2014-01-05

CVE-2013-7262: SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows…

PriorityP341medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
2.22%
80.5th percentile
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.

Affected

33 ranges· showing 25
VendorProductVersion rangeFixed in
debianmapserver< mapserver 6.4.1-1 (bookworm)mapserver 6.4.1-1 (bookworm)
osgeomapserver<= 6.4.0
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.