Description
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-2185)
WordPress Plugin Dark Mode Cross-Site Scripting (1.6)
Serendipity Other Vulnerability (CVE-2006-2495)
MySQL CVE-2021-2076 Vulnerability (CVE-2021-2076)
WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Cross-Site Scripting (1.3.6.2)