2 matches found
CVE-2012-4949
CVE-2012-4949 is an SQL injection vulnerability in ESRI ArcGIS 10.1 in which the "where" parameter of a REST service query URI can be exploited by remote authenticated users to execute arbitrary SQL. The root cause is inadequate sanitization of SQL commands in the where clause, enabling a subset of SQ...
Esri ArcGIS server 10.1 contains a blind SQL injection vulnerability
Overview: Esri's ArcGIS server version 10.1 contains a blind SQL injection vulnerability that allows remote attackers to execute a subset of SQL commands via a query operation "where" clause. Description: The Esri ArcGIS server version 10.1 contains a blind SQL injection vulnerability (CWE-89) for REST...