WEB APPLICATION VULNERABILITIES Standard & Premium

PostgreSQL Incorrect Authorization Vulnerability (CVE-2021-20229)

Description

A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

Remediation

References

Related Vulnerabilities

WordPress Plugin OptionTree PHP Object Injection (2.7.2)

WordPress Plugin Calendar Event Multi View Security Bypass (1.4.13)

OpenSSL Resource Management Errors Vulnerability (CVE-2014-3506)

MySQL CVE-2020-14765 Vulnerability (CVE-2020-14765)

WordPress Plugin If>So Dynamic Content Unspecified Vulnerability (1.4.1)

Severity

Medium

Classification

CVE-2021-20229 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities