Osgeo

Mapserver

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-42030

Exploit
  • EPSS 0.02%
  • Veröffentlicht 08.05.2026 15:56:48
  • Zuletzt bearbeitet 14.05.2026 18:04:33

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser...

9.1

CVE-2026-30479

  • EPSS 0.1%
  • Veröffentlicht 09.04.2026 17:16:24
  • Zuletzt bearbeitet 14.04.2026 17:16:49

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable.

7.5

CVE-2026-33721

Exploit
  • EPSS 0.29%
  • Veröffentlicht 27.03.2026 00:15:00
  • Zuletzt bearbeitet 17.04.2026 18:16:31

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the Ma...

9.8

CVE-2025-59431

Exploit
  • EPSS 0.06%
  • Veröffentlicht 19.09.2025 19:29:13
  • Zuletzt bearbeitet 08.10.2025 18:26:15

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote chara...

5.3

CVE-2021-32062

  • EPSS 1.14%
  • Veröffentlicht 06.05.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 06:06:47

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a ...

7.5

CVE-2010-1678

  • EPSS 0.68%
  • Veröffentlicht 29.10.2019 21:15:10
  • Zuletzt bearbeitet 21.11.2024 01:14:58

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.

9.8

CVE-2017-5522

  • EPSS 6.04%
  • Veröffentlicht 15.03.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature request...

7.5

CVE-2016-9839

  • EPSS 0.36%
  • Veröffentlicht 08.12.2016 08:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.

6.8

CVE-2013-7262

  • EPSS 0.19%
  • Veröffentlicht 05.01.2014 20:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filte...

6.8

CVE-2011-2975

  • EPSS 2.46%
  • Veröffentlicht 01.08.2011 20:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.