GeoServer & GeoTools SQL Injection (CVE-2023-25157 & CVE-2023-25158)
GeoServer is an open-source software server written in Java that can view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from various sources such as Geographic Information System (GIS) databases, web-based data, and personal datasets.
The vulnerabilities in question are deeply embedded within the filter and function expressions defined by the Open Geospatial Consortium (OGC) standards. These expressions form the backbone of geospatial data querying and manipulation, playing a pivotal role in the functionality of systems like GeoServer and GeoTools.
Vulnmachines - Place for Pentesters
Vulnmachines is an online cyber security training platform with a massive number of labs, allowing individuals, students, cyber professionals, companies, universities, and all kinds of organizations around the world to enhance their practical skills with Real-world enterprise scenarios.
Visit: www.vulnmachin...
The SecOps Group is a globally recognized IT security company having extensive and varied experience in providing cybersecurity consultancy and education services. At The SecOps Group, we believe that security is a continuous process, which has to progress with time and in accordance with the customer needs and constantly evolving threats. Our core business comprises of two units:
1. Consultancy:
Pentesting and Advisory
The SecOps Group are cybersecurity experts offering CREST-accredited security consultancy services.
2. Education:
Pentesting Exams
Through our exams, we provide an authentic and credible certification that is modern, relevant and represents real-life business risks.
For business: secops.group/
Follow us
Twitter: / thesecopsgroup
Instagram: / thesecopsgroupuk
LinkedIn: / secops-group
9 авг 2023
