U.S. Dept Of Defense: SQL injection on ██████████ via 'where' parameter

An SQL injection vulnerability was discovered in the 'where' parameter of the ArcGIS server. The vulnerability allowed an attacker to retrieve database content by injecting malicious SQL queries into the 'where' parameter. Esri released an update to ArcGIS Server 10.1 Service Pack 1 to address th...