Lucene search

CVE-2023-25157

🗓️ 21 Feb 2023 22:10:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 216 Views🌐 WEB

GeoServer CVE-2023-25157 update to versions 2.21.4 or 2.22.2 recommende

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 18
GithubExploit	Exploit for SQL Injection in Osgeo Geoserver	21 Apr 202513:13	–	githubexploit
GithubExploit	Exploit for SQL Injection in Osgeo Geoserver	10 Jun 202309:00	–	githubexploit
GithubExploit	Exploit for SQL Injection in Osgeo Geoserver	10 Jun 202300:47	–	githubexploit
GithubExploit	Exploit for SQL Injection in Osgeo Geoserver	24 Apr 202509:12	–	githubexploit
GithubExploit	Exploit for SQL Injection in Osgeo Geoserver	6 Jun 202314:05	–	githubexploit
GithubExploit	Exploit for SQL Injection in Osgeo Geoserver	12 Jun 202314:34	–	githubexploit
GithubExploit	Exploit for SQL Injection in Osgeo Geoserver	28 Nov 202307:23	–	githubexploit
GithubExploit	Exploit for CVE-2014-4210	19 Mar 202201:54	–	githubexploit
GithubExploit	Exploit for CVE-2014-4210	19 Mar 202201:54	–	githubexploit
RedhatCVE	CVE-2023-25157	23 May 202502:14	–	redhatcve

Nvd

Vulners

Node

osgeo geoserverRange<2.18.7

osgeo geoserverRange2.19.0–2.19.7

osgeo geoserverRange2.20.0–2.20.7

osgeo geoserverRange2.21.0–2.21.4

osgeo geoserverRange2.22.0–2.22.2

[
  {
    "vendor": "geoserver",
    "product": "geoserver",
    "versions": [
      {
        "version": ">= 2.22.0, < 2.22.2",
        "status": "affected"
      },
      {
        "version": "< 2.21.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf
github	www.github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d

Parameter	Position	Path	Description	CWE
service	query param	/geoserver/ows	Handles WFS requests to retrieve capabilities from GeoServer, potentially vulnerable to SQL injection.	CWE-89
version	query param	/geoserver/ows	Handles WFS requests to retrieve capabilities from GeoServer, potentially vulnerable to SQL injection.	CWE-89
request	query param	/geoserver/ows	Handles WFS requests to retrieve capabilities from GeoServer, potentially vulnerable to SQL injection.	CWE-89
request	query param	/geoserver/wfs	Retrieves the description of a feature type, which may be exploited for SQL injection attacks.	CWE-89
version	query param	/geoserver/wfs	Retrieves the description of a feature type, which may be exploited for SQL injection attacks.	CWE-89
service	query param	/geoserver/wfs	Retrieves the description of a feature type, which may be exploited for SQL injection attacks.	CWE-89
outputFormat	query param	/geoserver/wfs	Retrieves the description of a feature type, which may be exploited for SQL injection attacks.	CWE-89
typeName	query param	/geoserver/wfs	Retrieves the description of a feature type, which may be exploited for SQL injection attacks.	CWE-89
service	query param	/geoserver/ows	Exploitable endpoint for executing CQL queries, allowing for SQL injection.	CWE-89
version	query param	/geoserver/ows	Exploitable endpoint for executing CQL queries, allowing for SQL injection.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Feb 2023 22:15Current

9.4High risk

Vulners AI Score9.4

CVSS39.8

EPSS0.93789

CWE-89