Description
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.
Remediation
References
Related Vulnerabilities
WordPress 5.0.x Cross-Site Request Forgery (5.0 - 5.0.3)
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.14)
WordPress Plugin RESPONSIVE 3D SLIDER SQL Injection (1.2)
WordPress Plugin Super Logos Showcase for WordPress Arbitrary File Upload (2.2)
WordPress Plugin Wonder Video Embed Cross-Site Scripting (1.7)