21 matches found
GeoServer OGC Filter - SQL Injection
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...
CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...
PT-2026-54846
Name of the Vulnerable Software and Affected Versions Silverstripe Framework versions prior to 6.2.2 Description The "Insert media from web" functionality in the CMS is susceptible to Cross-Site Scripting XSS, a technique where malicious scripts are injected into trusted websites, when processing...
Exploit for Code Injection in Geoserver
CVE-2024-36401 GeoServer Exploit Tool Vulnerability Descri...
EUVD-2025-17683
Malicious code in bioql PyPI...
EUVD-2022-51939
Malicious code in bioql PyPI...
CVE-2025-59431 MapServer - WFS XML Filter Query SQL injection
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...
CVE-2025-59431
MapServer prior to 8.4.1 is affected by a vulnerability in the XML Filter Query directive PropertyName that can be exploited via Boolean-based SQL injection by injecting double quote characters into PropertyName, enabling manipulation of backend database queries. The issue is fixed in MapServer 8...
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that...
GeoServer OGC Filter SQL Injection Vulnerabilities
Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...
CVE-2023-25157
CVE-2023-25157 (GeoServer SQL Injection) is triggered by flaws in OGC Filter handling within GeoServer’s WFS/WMS/WCS inputs, enabling SQL injection via filters such as PropertyIsLike, strEndsWith, strStartsWith, jsonArrayContains, and FeatureId under certain datastore conditions. Public details c...
CVE-2022-4607
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...
CVE-2022-4607
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...
Xxe
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...
CVE-2022-4607 3D City Database OGC Web Feature Service xml external entity reference
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...
CVE-2022-4607
The CVE-2022-4607 issue affects 3D City Database OGC Web Feature Service (WFS) up to version 5.2.0. The root cause is an XML External Entity (XXE) reference introduced during processing, enabling potentially sensitive data exposure or other impact as described. A fix is available: upgrade to vers...
3DCityDB Web Feature Service Interface 代码问题漏洞
3DCityDB Web Feature Service Interface is an open source city database WFS interface library for 3D City Database. 3DCityDB Web Feature Service Interface before 5.3.0 version of the code problematic vulnerability , the vulnerability stems from some unknown processing problems , which will lead to...
PT-2022-27728 · Unknown · 3D City Database Ogc Web Feature Service
Name of the Vulnerable Software and Affected Versions: 3D City Database OGC Web Feature Service versions up to 5.2.1 Description: A vulnerability was found in the 3D City Database OGC Web Feature Service, which affects some unknown processing and leads to xml external entity reference. The...
CVE-2022-4607 3D City Database OGC Web Feature Service xml external entity reference
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...
VulnCheck KEV: CVE-2023-25157
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols...