Description

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

Remediation

References

CVE-2012-0868

Related Vulnerabilities

Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.4.4)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5835)

Nginx Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2009-3898)

Dotclear Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3232)

WordPress Plugin Booking Calendar Cross-Site Request Forgery (9.2.1)

Severity

Medium

Classification

CVE-2012-0868 CWE-138

Tags

Missing Update Known Vulnerabilities