Description
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by anonymous · textwebappsmultiple
https://www.exploit-db.com/exploits/38016
References (2)
Core 2
Core References
VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79977
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/795644
Scores
EPSS
0.0132
EPSS Percentile
80.0%
Details
CWE
CWE-89
Status
published
Products (1)
esri/arcgis_server
10.1
Published
Nov 14, 2012
Tracked Since
Feb 18, 2026