Description

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

Remediation

References

CVE-2018-1058

Related Vulnerabilities

WordPress Plugin FlyingPress Security Bypass (3.9.6)

WordPress Plugin WP Migrate DB Security Bypass (0.6)

MySQL Improper Access Control Vulnerability (CVE-2016-0611)

WordPress Plugin Dtracker Multiple Vulnerabilities (1.5)

WordPress Plugin Gallery transformation SQL Injection (1.0)

Severity

High

Classification

CVE-2018-1058 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities