{"id":"CVE-2013-7262","details":"SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.","modified":"2026-04-16T06:25:19.944231957Z","published":"2014-01-05T20:55:04Z","references":[{"type":"ADVISORY","url":"http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1"},{"type":"FIX","url":"https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed"},{"type":"REPORT","url":"https://github.com/mapserver/mapserver/issues/4834"},{"type":"WEB","url":"http://www.securityfocus.com/bid/64671"}],"schema_version":"1.7.5"}