2 matches found
ESRI ArcGIS未明SQL注入漏洞
CVE ID:CVE-2013-7232 ArcGIS for Server软件平台让用户能够通过网络创建,管理和分发GIS服务,并以服务的形式支撑桌面软件应用,移动终端应用和网络地图应用等。 ArcGIS for Server存在未明SQL注入漏洞,允许远程攻击者利用漏洞提交特制的SQL查询,可操作或获取数据库数据。 漏洞与地图的输入有关。 0 ESRI ArcGIS for Server 10.2 厂商补丁: ESRI ----- 用户可参考如下厂商提供的安全公告获得补丁信息:...
CVE-2013-7232
Summary: CVE-2013-7232 is an SQL injection vulnerability in ESRI ArcGIS for Server up to version 10.2. The flaw allows remote attackers to execute arbitrary SQL commands via input to the map or feature service. Root cause involves unsanitized input being used in SQL queries exposed by the map/fea...