SQL Injection is possible with WHERE clause via ArcGIS for Server 10.1 SP1 with Security Patch.
Last Published: May 21, 2015ArcGIS for Server
Bug ID Number
April 7, 2015
June 11, 2020
ArcGIS for Server
Operating System Version
2008 64 Bit
The issue is a duplicate of an existing issue. See the issue's Additional Information section for details. Customers associated with the duplicate issue are automatically attached to the open issue.