Description
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-Filebase Download Manager Multiple Unspecified Vulnerabilities (0.2.9.24)
MyBB Insertion of Sensitive Information into Log File Vulnerability (CVE-2015-8977)
Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8166)
Apache Tomcat 7PK - Security Features Vulnerability (CVE-2002-0493)
MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8289)