Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PostgreSQL CVE-2023-39418 Vulnerability (CVE-2023-39418)

Description

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Remediation

References

Related Vulnerabilities

WordPress Plugin Contact Form to DB by BestWebSoft-Messages Database For WordPress Cross-Site Scripting (1.5.6)

WordPress Plugin WP-DownloadManager Cross-Site Scripting (1.67)

WordPress Plugin WPJobBoard Multiple Cross-Site Scripting Vulnerabilities (4.5.1)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3319)

WordPress Plugin Mail Subscribe List Unspecified Vulnerability (2.0.9)

Severity

Medium

Classification

CVE-2023-39418 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities