Description
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2021-31965 Vulnerability (CVE-2021-31965)
WordPress Plugin UserPro-Community and User Profile Cross-Site Scripting (2.33)
WordPress Plugin WPtouch 'wptouch_redirect' Parameter URI Redirection (1.9.32)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17310)
WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (7.1.11)