CVE-2013-7262

Name of the Vulnerable Software and Affected Versions MapServer versions prior to 6.4.1

Description The issue is related to a SQL injection vulnerability in the msPostGISLayerSetTimeFilter function when a WMS-Time service is used. This allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.

Recommendations For versions prior to 6.4.1, update to version 6.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the WMS-Time service until the update is applied.