Description
PostgreSQL versions before 11.1 and 10.6 are vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run with superuser privileges.
Remediation
References