cpe:2.3:a:osgeo:mapserver:8.4.0:-:*:*:*:*:*:*

part: a version: 8.4.0 update: -

Vendor: Osgeo (706646bf-cac0-5b16-9ff6-83d28fd0444b)
Product: Mapserver (fdf15dc6-4140-59d1-a297-792a1971f778)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:github/mapserver/mapserver | purl2cpe | 2026-06-01 10:12:15.957429
pkg:rpm/fedora/mapserver | purl2cpe | 2026-06-01 10:12:15.957430
pkg:rpm/opensuse/mapserver | purl2cpe | 2026-06-01 10:12:15.957431

Vulnerability references

Identifier: CVE:CVE-2025-59431
cpeApplicability: vulnerable
Submitted: 2026-06-08 07:35:21.902483
db.gcve.eu details: MapServer - WFS XML Filter Query SQL injection
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems that expression checking is bypassed by introducing double quote characters in the PropertyName, allowing manipulation of backend database queries. This vulnerability is fixed in 8.4.1.
Published: 2025-09-19T19:29:13.163Z
Updated: 2025-09-19T19:42:16.930Z
Rationale: Imported from gcve-enriched-dumps CVE data