CVE-2023-25157
Description
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate strEndsWith
, strStartsWith
and PropertyIsLike
misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the FeatureId
misuse.
Severity: CRITICAL
CVE ID: CVE-2023-25157
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-25157
Refrence: Project Discovery GitHub
win3zz
CVE-2023-25157 - GeoServer SQL Injection - PoC
Refrence: GitHub
0x2458bughunt
Refrence: GitHub
murataydemir
GeoServer & GeoTools SQL Injection (CVE-2023-25157 & CVE-2023-25158)
Refrence: GitHub
7imbitz
A script, written in golang. POC for CVE-2023-25157
Refrence: GitHub
Rubikcuv5
GeoServer OGC Filter SQL Injection Vulnerabilities
Refrence: GitHub
dr-cable-tv
Geoserver SQL Injection Exploit
Refrence: GitHub