CVE-2013-7262
Published: 5 January 2014
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
Priority
Status
Package | Release | Status |
---|---|---|
mapserver Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(6.0.1-2ubuntu1.1)
|
|
quantal |
Released
(6.0.1-3.2ubuntu0.12.10.1)
|
|
raring |
Released
(6.0.1-3.2ubuntu0.13.04.1)
|
|
saucy |
Released
(6.2.1-3ubuntu0.1)
|
|
upstream |
Released
(6.4.1)
|
|
Patches: upstream: https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed |
References
- https://github.com/mapserver/mapserver/issues/4834
- https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed
- http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1
- https://www.cve.org/CVERecord?id=CVE-2013-7262
- NVD
- Launchpad
- Debian