CVE-2013-7262
Published 2014-01-05
Priority P3 41 · medium 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 2.22% (80.5th percentile)
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mapserver | < mapserver 6.4.1-1 (bookworm) | mapserver 6.4.1-1 (bookworm) |
| osgeo | mapserver | <= 6.4.0 | — |
| osgeo | mapserver | — | — |
CVSS provenance
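| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | LOW | — |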
Debian
CVE-2013-7262: mapserver - SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappo...
vendor_debian·2013·CVSS 6.8
Scope: local
bookworm: resolved (fixed in 6.4.1-1)
bullseye: resolved (fixed in 6.4.1-1)
forky: resolved (fixed in 6.4.1-1)
sid: resolved (fixed in 6.4.1-1)
trixie: resolved (fixed in 6.4.1-1)
GHSA
GHSA-vc7r-pq5v-cj3h: SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis
ghsa_unreviewed·2022-05-13
CVE-2013-7262 [MEDIUM] CWE-89 GHSA-vc7r-pq5v-cj3h
OSV
CVE-2013-7262: SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis
osv·2014-01-05·CVSS 6.8
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-7262 mapserver: SQL injections with postgis TIME filters
bugzilla·2014-01-06·CVSS 6.8
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-7262 to the following vulnerability:
Name: CVE-2013-7262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7262
Assigned: 20140105
Reference: http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1
Reference: https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed
Reference: https://github.com/mapserver/mapserver/issues/4834
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
Discussion:
C
Bugzilla
CVE-2013-7262 mapserver: SQL injections with postgis TIME filters [fedora-all]
bugzilla·2014-01-06·CVSS 6.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue af
Bugzilla
CVE-2013-7262 mapserver: SQL injections with postgis TIME filters [epel-all]
bugzilla·2014-01-06·CVSS 6.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue
http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1
http://www.securityfocus.com/bid/64671
https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed
https://github.com/mapserver/mapserver/issues/4834