Description
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Remediation
References