Lucene search
PRIOn knowledge basePRION:CVE-2023-25157HistoryFeb 21, 2023 - 10:15 p.m.
Code injection
2023-02-2122:15:00
PRIOn knowledge base
www.prio-n.com
7
geoserver
ogc filter
cql
upgrade
postgis datastore
encode functions
preparedstatements
vulnerabilities
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore encode functions setting to mitigate strEndsWith, strStartsWith and PropertyIsLike misuse and enable the PostGIS DataStore preparedStatements setting to mitigate the FeatureId misuse.
Related
nuclei
nuclei
GeoServer OGC Filter - SQL Injection
2023-06-07 05:58:03
githubexploit
githubexploit
Exploit for SQL Injection in Osgeo Geoserver
2023-06-10 00:47:32
Exploit for SQL Injection in Osgeo Geoserver
2023-06-10 09:00:16
Exploit for SQL Injection in Osgeo Geoserver
2023-06-12 14:34:14
nvd
nvd
CVE-2023-25157
2023-02-21 22:15:10
github
github
GeoServer OGC Filter SQL Injection Vulnerabilities
2023-02-22 19:15:56
osv
osv
GeoServer OGC Filter SQL Injection Vulnerabilities
2023-02-22 19:15:56
CVE-2023-25157
2023-02-21 22:15:10
cvelist
cvelist
CVE-2023-25157 Unfiltered SQL Injection Vulnerabilities in Geoserver
2023-02-21 21:00:13
cve
cve
CVE-2023-25157
2023-02-21 22:15:10
thn
thn