Description
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Download Manager Cross-Site Request Forgery (2.9.60)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1135)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0124)
Joomla CVE-2012-2747 Vulnerability (CVE-2012-2747)
WordPress Plugin Event Registration 'event_id' Parameter SQL Injection (5.32)