VDB

GCVE-110-MAGEIA-2015-97

GCVE-110-MAGEIA-2015-97
Advisory Published
Vulnetix · Advisory published March 6, 2015
Updated mapserver packages fix security vulnerability: SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter (CVE-2013-7262). The mapserver package has been updated to version 6.2.2, which fixes this issue and several other bugs, including some packaging issues which prevented it from working anyway.

Affected Products

VendorProductVersionsPlatforms
Mageiasdcc0 (affected), 0 (affected), 3.4.0-8.mga5.nonfree (unaffected), 3.4.0-8.mga5 (unaffected)
Mageiamapserver0 (affected), 6.2.2-1.2.mga4 (unaffected), 0 (affected), 6.2.2-1.2.mga4 (unaffected)

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›