CVE-2012-4949
ESRI ArcGIS Server 10.1 - Authenticated SQL Injection via REST Service Query Where Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-4949. PoCs published by anonymous.
AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in ESRI ArcGIS for Server 10.1, where insufficient sanitization of user-supplied data in the 'where' parameter allows attackers to manipulate SQL queries. The example URL demonstrates a potential attack vector but does not include functional exploit code.
Description
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
Exploits (1)
The provided text describes an SQL injection vulnerability in ESRI ArcGIS for Server 10.1, where insufficient sanitization of user-supplied data in the 'where' parameter allows attackers to manipulate SQL queries. The example URL demonstrates a potential attack vector but does not include functional exploit code.