This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote web server hosts a version of MapServer that may be affected
by a SQL injection vulnerability.
The version of MapServer hosted on the remote web server may be
affected by a SQL injection vulnerability due to a failure to properly
sanitize user-supplied input. Specifically, the
mPostGISLayerSetTimeFilter function in mappostgis.c does not properly
sanitize user-supplied input passed via PostGIS TIME filters, leading to
a possible unintended disclosure of data.
Note: In order for this vulnerability to be exploited, WMS-Time must be
configured and PostGIS must be in use.
See also :
Upgrade to MapServer 5.6.9 / 6.0.4 / 6.2.2 / 6.4.1 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 72094 ()
Bugtraq ID: 64671
CVE ID: CVE-2013-7262
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.