Description

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. This version of GeoServer is vulnerable to an SQL injection vulnerability.

Remediation

Upgrade to the latest version of GeoServer

References

GeoServer OGC Filter SQL Injection Vulnerabilities

GeoServer & GeoTools SQL Injection (CVE-2023-25157 & CVE-2023-25158)

Related Vulnerabilities

WordPress Plugin BBS e-Franchise SQL Injection (1.1.1)

WordPress Plugin Zingiri Web Shop Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (2.3.5)

WordPress Plugin UPM Polls 'PID' Parameter SQL Injection (1.0.4)

WordPress Plugin Welcart e-Commerce Multiple SQL Injection Vulnerabilities (1.5.2)

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll SQL Injection (1.1.91)

Severity

High

Classification

CVE-2023-25157 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Denial Of Service SQL Injection