Ticket #3903 (closed defect: fixed)
Security Vulnerabilities - Possible SQL Injection using OGC filter encoding
|Reported by:||assefa||Owned by:||assefa|
|Cc:||dmorissette, sdlime, jmckenna, aboudreault|
Description (last modified by dmorissette) (diff)
This ticket is to track fixes to prevent SQL injections through OGC filter encoding (in WMS, WFS and SOS), as well as a potential SQL injection in WMS time support.
Your system may be vulnerable if it has MapServer with OGC protocols enabled, with layers connecting to an SQL RDBMS backend, either natively or via OGR.
All versions of MapServer 4.x, 5.x and 6.x are potentially vulnerable. All users are ** strongly encouraged ** to upgrade to one of the latest releases with the fixes.