Launchpad.net

CVE 2013-7262

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.

Related bugs and status

CVE-2013-7262 (Candidate) is related to these bugs:

Bug #1267616: Possible SQL Injections with postgis TIME filters

		In	Importance	Status
1267616	Possible SQL Injections with postgis TIME filters	mapserver (Ubuntu)	Undecided	Fix Released
1267616	Possible SQL Injections with postgis TIME filters	mapserver (Ubuntu Precise)	Medium	Fix Released
1267616	Possible SQL Injections with postgis TIME filters	mapserver (Ubuntu Quantal)	Medium	Fix Released
1267616	Possible SQL Injections with postgis TIME filters	mapserver (Ubuntu Saucy)	Medium	Fix Released
1267616	Possible SQL Injections with postgis TIME filters	mapserver (Ubuntu Raring)	Medium	Fix Released
1267616	Possible SQL Injections with postgis TIME filters	mapserver (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-7262

Related bugs and status

Related bugs

References