Exploit for SQL Injection in Osgeo Geoserver

Exploit Details

Basic Information

Exploit Title: Exploit for SQL Injection in Osgeo Geoserver
Exploit ID: F3EA0D5D-8DD1-5A7C-A39A-B48AF7A8B470
Type: githubexploit
Published: 2025-04-24T09:12:18
Modified: 2025-04-24T09:21:38

CVSS Information

CVSS Score: 9.8
Severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE Information

  • CVE-2023-25157

Exploit Description

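Vulnerability description: Because user input is not filtered, a remote unauthenticated attacker can construct malformed filter syntax that bypasses GeoServer's lexical parsing and causes SQL injection, obtaining sensitive information from the server and possibly even gaining database server privileges.

Affected versions: GeoServer 2.20.x < 2.20.7, GeoServer 2.19.x < 2.19.7, GeoServer 2.18.x < 2.18.7, GeoServer 2.21.x < 2.21.4…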
