CVE-2023-25158

Published: 21/02/2023 Updated: 02/03/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for parsing, encoding and executing the OGC Filter expression language against a range of datastores. SQL injection vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.

Vulnerable Product

geotools geotools

Github Repositories

GeoServer OGC Filter SQL Injection (CVE-2023-25157) (Chinese version) GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases, web-

Geoserver SQL Injection Exploit

Geoserver SQL Injection Exploit. This year, a CVE got published for Geoserver with the ID CVE-2023-25157. I saw this vulnerability in one of my projects and tried to exploit it, and here it is, the complete exploit. In this repo (github.com/0x2458bughunt/CVE-2023-25157) you can use the detector to find out what targets have the technology and vulnerability. After usi

GeoServer & GeoTools SQL Injection (CVE-2023-25157 & CVE-2023-25158)

GeoServer & GeoTools SQL Injection (CVE-2023-25157 & CVE-2023-25158). This repository contains a detailed description and replication steps of the SQL injection vulnerabilities found in the GeoServer platform and the GeoTools library. The vulnerability has been assigned the identifier CVE-2023-25157 for GeoServer and CVE-2023-25158 for GeoTools. GeoServer is an open