Description
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
Remediation
References
Related Vulnerabilities
WordPress Plugin Sticky Ad Bar Cross-Site Scripting (1.3.1)
Apache HTTP Server Other Vulnerability (CVE-2002-0654)
WordPress Plugin Social Media Share Buttons & Social Sharing Icons Cross-Site Scripting (2.1.7)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-6289)
Chamilo Improper Privilege Management Vulnerability (CVE-2020-23128)