CVE-2011-2703
8.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.7%
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
References
lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
secunia.com/advisories/45257
secunia.com/advisories/45318
secunia.com/advisories/45368
trac.osgeo.org/mapserver/ticket/3903
www.debian.org/security/2011/dsa-2285
www.openwall.com/lists/oss-security/2011/07/19/11
www.openwall.com/lists/oss-security/2011/07/19/14
www.openwall.com/lists/oss-security/2011/07/20/15
www.securityfocus.com/bid/48720
bugzilla.redhat.com/show_bug.cgi?id=722545
bugzilla.redhat.com/show_bug.cgi?id=723293
exchange.xforce.ibmcloud.com/vulnerabilities/68682
Related
8.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.7%