Description

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

Remediation

References

CVE-2007-3279

Related Vulnerabilities

WordPress Plugin Cart66 Lite::WordPress Ecommerce SQL Injection (1.5.1.17)

Nexus Repository Manager Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-43961)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8153)

Oracle Database Server CVE-2006-0260 Vulnerability (CVE-2006-0260)

WordPress Plugin Invoicing with InvoiceXpress for WooCommerce-Free Cross-Site Scripting (3.0.2)

Severity

Critical

Classification

CVE-2007-3279

Tags

Missing Update Known Vulnerabilities