CVE-2011-2703

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

• CWE-89

• http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.htmlPatch
• http://secunia.com/advisories/45257Vendor Advisory
• http://secunia.com/advisories/45318Vendor Advisory
• http://secunia.com/advisories/45368Vendor Advisory
• http://trac.osgeo.org/mapserver/ticket/3903Patch
• http://www.debian.org/security/2011/dsa-2285
• http://www.openwall.com/lists/oss-security/2011/07/19/11Patch
• http://www.openwall.com/lists/oss-security/2011/07/19/14Patch
• http://www.openwall.com/lists/oss-security/2011/07/20/15Patch
• http://www.securityfocus.com/bid/48720
• https://bugzilla.redhat.com/show_bug.cgi?id=722545Patch
• https://bugzilla.redhat.com/show_bug.cgi?id=723293Patch
• https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
• http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.htmlPatch
• http://secunia.com/advisories/45257Vendor Advisory
• http://secunia.com/advisories/45318Vendor Advisory
• http://secunia.com/advisories/45368Vendor Advisory
• http://trac.osgeo.org/mapserver/ticket/3903Patch
• http://www.debian.org/security/2011/dsa-2285
• http://www.openwall.com/lists/oss-security/2011/07/19/11Patch
• http://www.openwall.com/lists/oss-security/2011/07/19/14Patch
• http://www.openwall.com/lists/oss-security/2011/07/20/15Patch
• http://www.securityfocus.com/bid/48720
• https://bugzilla.redhat.com/show_bug.cgi?id=722545Patch
• https://bugzilla.redhat.com/show_bug.cgi?id=723293Patch
• https://exchange.xforce.ibmcloud.com/vulnerabilities/68682

Published

Aug 1, 2011

Last Modified

Jun 16, 2026

Status

Modified