Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x prior to 4.10.4 and 5.x prior to 5.2.2, when running on Windows with Cygwin, allows remote malicious users to create arbitrary files via a .. (dot dot) in the id parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
osgeo mapserver 4.10.0 |
||
osgeo mapserver 4.6.0 |
||
umn mapserver 4.0 |
||
osgeo mapserver 5.2.0 |
||
osgeo mapserver 5.0.0 |
||
osgeo mapserver 4.10.3 |
||
osgeo mapserver 4.10.1 |
||
osgeo mapserver 4.8.0 |
||
osgeo mapserver 4.4.0 |
||
osgeo mapserver 4.2.0 |
||
osgeo mapserver 4.10.2 |
||
osgeo mapserver 5.2.1 |