Published: 05/01/2014 Updated: 07/06/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer prior to 6.4.1, when a WMS-Time service is used, allows remote malicious users to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
osgeo mapserver 6.2.1
umn mapserver 6.0.0
umn mapserver 5.2.3
osgeo mapserver 4.10.2
osgeo mapserver 4.10.4
osgeo mapserver 4.6.0
osgeo mapserver 4.8.0
osgeo mapserver 5.0.0
osgeo mapserver 5.2.1
osgeo mapserver 5.4.0
osgeo mapserver 5.4.2
osgeo mapserver 6.2.0
osgeo mapserver 6.0.3
osgeo mapserver 6.0.2
osgeo mapserver 6.0.1
osgeo mapserver 4.10.5
osgeo mapserver 4.2.0
osgeo mapserver 4.4.0
osgeo mapserver 4.10.0
osgeo mapserver 5.2.0
osgeo mapserver 5.6.1
osgeo mapserver 5.6.3
osgeo mapserver
umn mapserver 5.6.7
osgeo mapserver 4.10.1
osgeo mapserver 4.10.3
osgeo mapserver 5.4.1
osgeo mapserver 5.6.0

Debian Bug report logs - #734565 mapserver: CVE-2013-7262 Package: mapserver; Maintainer for mapserver is Debian GIS Project <pkg-grass-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 8 Jan 2014 07:33:07 UTC Severity: important Tags: patch, security, upstream Fixed i ...

CWE-89 https://github.com/mapserver/mapserver/issues/4834 http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1 https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed http://www.securityfocus.com/bid/64671 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734565 https://nvd.nist.gov

CVE-2013-7262

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect