Description
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
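A version check built from the ranges in the description, as an added example that is not part of the original advisory or of PostgreSQL itself. The function names, the `not-listed` result for branches the description does not mention, and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed minor release per branch, copied from the description above.
FIXED = {(9, 1): 23, (9, 2): 18, (9, 3): 14, (9, 4): 9, (9, 5): 4}
OLDEST_LISTED = min(FIXED)  # (9, 1): every older branch is "before 9.1.23"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch) from SHOW server_version or SELECT version() output."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no PostgreSQL version found in %r" % text)
    # Pre-releases such as "9.5beta2" carry no patch number; treat them as patch 0.
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(text):
    """Return 'affected', 'fixed' or 'not-listed' for a reported version string."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch < OLDEST_LISTED:
        return "affected"      # 9.0.x, 8.x and older all sort before 9.1.23
    if branch in FIXED:
        return "affected" if patch < FIXED[branch] else "fixed"
    return "not-listed"        # newer branches: the description makes no claim


if __name__ == "__main__":
    # Constructed inventory: host names and version strings are sample data.
    inventory = {
        "db-a": "PostgreSQL 9.3.12 on x86_64-pc-linux-gnu",
        "db-b": "9.4.9",
        "db-c": "9.0.23",
        "db-d": "9.5beta2",
    }
    for host, reported in sorted(inventory.items()):
        print("%-5s %-45s %s" % (host, reported, classify(reported)))
```

Hosts reported as `not-listed` run a branch the description does not cover and need to be checked against the vendor's own advisory.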
Remediation
References