Unrated severityNVD Advisory· Published Aug 1, 2011· Updated Apr 29, 2026
CVE-2011-2703
CVE-2011-2703
Description
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
Affected products
69cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*+ 53 more
- cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*range: <=4.10.6
- cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.2.2:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:umn:mapserver:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:5.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:5.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:6.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:6.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:6.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:6.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:6.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:6.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:6.0.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:6.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:6.0.0:rc2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.htmlnvdPatch
- trac.osgeo.org/mapserver/ticket/3903nvdPatch
- www.openwall.com/lists/oss-security/2011/07/19/11nvdPatch
- www.openwall.com/lists/oss-security/2011/07/19/14nvdPatch
- www.openwall.com/lists/oss-security/2011/07/20/15nvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- secunia.com/advisories/45257nvdVendor Advisory
- secunia.com/advisories/45318nvdVendor Advisory
- secunia.com/advisories/45368nvdVendor Advisory
- www.debian.org/security/2011/dsa-2285nvd
- www.securityfocus.com/bid/48720nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/68682nvd
News mentions
0No linked articles in our index yet.