7 matches found
Debian dla-4506 : cgi-mapserver - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4506 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4506-1 [email protected]...
Fedora: Security Advisory (FEDORA-2025-38689b7760)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-2b5c69ffe6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 43 : mapserver (2025-5b5dedacb2)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5b5dedacb2 advisory. Update to mapserver-8.4.1, fixes CVE-2025-59431. Tenable has extracted the preceding description block directly from the Fedora security advisory...
CVE-2025-59431
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...
CVE-2025-59431 MapServer - WFS XML Filter Query SQL injection
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...
CVE-2025-59431
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...