Security Vulnerabilities - Possible SQL Injection using OGC filter encoding
|Reported by:||assefa||Owned by:||assefa|
|Cc:||dmorissette, sdlime, jmckenna, aboudreault|
Description (last modified by )
This ticket is to track fixes to prevent SQL injections through OGC filter encoding (in WMS, WFS and SOS), as well as a potential SQL injection in WMS time support.
Your system may be vulnerable if it has MapServer with OGC protocols enabled, with layers connecting to an SQL RDBMS backend, either natively or via OGR.
All versions of MapServer 4.x, 5.x and 6.x are potentially vulnerable. All users are strongly encouraged to upgrade to one of the latest releases with the fixes.
Change History (14)
comment:1 Changed 6 years ago by
|Milestone:||→ 6.0.1 release|
comment:2 Changed 6 years ago by
|Cc:||sdlime jmckenna aboudreault added|
|Component:||WFS Server → Security/Vulnerability (Private)|
|Summary:||Possible SQL Injection using filter encding → Security Vulnerabilities - Possible SQL Injection using OGC filter encoding|
comment:7 Changed 6 years ago by
|Component:||Security/Vulnerability (Private) → Security/Vulnerability (Public)|
|Status:||new → closed|