CVE-2013-7232
ESRI ArcGIS for Server < 10.2 - SQL Injection via Map or Feature Service Input
Title source: llmDescription
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009
Scores
EPSS
0.0046
EPSS Percentile
64.2%
Details
CWE
CWE-89
Status
published
Products (1)
esri/arcgis_server
< 10.2
Published
Dec 30, 2013
Tracked Since
Feb 18, 2026