Loading
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.
Use CWE-264, Osgeo vendor hub and Mapserver product page to widen CVE-2010-2540 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2017-5522, CVE-2025-59431 and CVE-2010-1678 for nearby disclosures in the same product family.