CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

CVE-2025-59431 MapServer - WFS XML Filter Query SQL injection

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

CVE-2025-59431 MapServer - WFS XML Filter Query SQL injection

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

CVE-2025-59431

MapServer prior to 8.4.1 is affected by a vulnerability in the XML Filter Query directive PropertyName that can be exploited via Boolean-based SQL injection by injecting double quote characters into PropertyName, enabling manipulation of backend database queries. The issue is fixed in MapServer 8...

Mapserver SQL注入漏洞

Mapserver is the Open Source Geospatial Osgeo Foundation's suite of open source platforms for publishing spatial data and interactive map applications to the Web. A SQL injection vulnerability exists in Mapserver versions prior to 8.4.1, which stems from a Boolean SQL injection in the XML Filter...

PT-2025-38619

Name of the Vulnerable Software and Affected Versions MapServer versions prior to 8.4.1 Description MapServer, a system for developing web-based GIS applications, contains a flaw in the XML Filter Query directive PropertyName. The PropertyName directive is susceptible to Boolean-based SQL injecti...

CVE-2025-10453

O'View MapServer developed by PilotGaea Technologies has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network...

CVE-2025-10453

O'View MapServer developed by PilotGaea Technologies has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network...

CVE-2025-10453 PilotGaea Technologies｜O'View MapServer - Server-Side Request Forgery

O'View MapServer developed by PilotGaea Technologies has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network...

CVE-2025-10453 PilotGaea Technologies｜O'View MapServer - Server-Side Request Forgery

O'View MapServer developed by PilotGaea Technologies has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network...

CVE-2025-10453

CVE-2025-10453 affects O’View MapServer by PilotGaea Technologies. The connected sources confirm a Server-Side Request Forgery (SSRF) vulnerability that can be exploited by unauthenticated remote attackers to probe internal networks. The root cause is SSRF within the MapServer component, enabling...

PT-2025-37454

Name of the Vulnerable Software and Affected Versions: O'View MapServer affected versions not specified Description: O'View MapServer developed by PilotGaea Technologies contains a Server-Side Request Forgery vulnerability. This allows unauthenticated remote attackers to probe internal networks...

PilotGaea OView MapServer 代码问题漏洞

PilotGaea OView MapServer is a Geographic Information System GIS map server software from PilotGaea in Taiwan, China. A code issue vulnerability exists in PilotGaea OView MapServer, which can be exploited by an unauthenticated, remote attacker to probe the internal network using a server-side...

Linux Distros Unpatched Vulnerability : CVE-2021-32062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH a...

Debian: Security Advisory (DSA-2079-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-734-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-790-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2007-4542

Multiple cross-site scripting XSS vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the 1 processLine function in maptemplate.c and the 2 writeError function in mapserv.c in the mapserv CGI program...

SUSE CVE-2021-32062

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAPPATTERN restrictions that are intended to control the locations from which a mapfile may be loaded with MapServer CGI...

PT-2022-36684 · Git +1 · Mapserver

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue. The crash state includes functions such as loadSymbol, loadMapInternal, and msLoadMap. Recommendations: At the moment, there is no...