CVE-2011-2703
mapserver - several
EPSS 1.6%
Description
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
How to fix CVE-2011-2703
To remediate CVE-2011-2703, upgrade the affected package to a fixed version below.
- Debian/mapserver—upgrade to 6.0.1-1 or later
- Debian/mapserver—upgrade to 5.6.5-2+squeeze2 or later
Is CVE-2011-2703 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 6.0.1-1
- from 0, < 5.6.5-2+squeeze2