Описание
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 6.4.1-1 |
| lucid | ignored | end of life |
| precise | released | 6.0.1-2ubuntu1.1 |
| quantal | released | 6.0.1-3.2ubuntu0.12.10.1 |
| raring | released | 6.0.1-3.2ubuntu0.13.04.1 |
| saucy | released | 6.2.1-3ubuntu0.1 |
| upstream | released | 6.4.1 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
SQL injection vulnerability in the msPostGISLayerSetTimeFilter functio ...
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
EPSS
6.8 Medium
CVSS2