cbcvebase.
CVE-2024-51962
published 2025-03-03

CVE-2024-51962: A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when performed…

PriorityP347high8.7CVSS 3.1
AVNACLPRHUINSCCHIHAN
EPSS
0.47%
37.3th percentile
A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when performed by a remote authenticated user requiring elevated, non‑administrative privileges. Exploitation is restricted to users with advanced application‑specific permissions, indicating high privileges are required. Successful exploitation would have a high impact on integrity and confidentiality, with no impact on availability.

Affected

2 ranges
VendorProductVersion rangeFixed in
esriarcgis_server10.9.1 – 11.3
esriarcgis_serverall – 11.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.