Description
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
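A catalog audit for the condition described above, as an added example that is not part of the original advisory: it lists C-language functions whose backing library is not loaded from the server's own library directory, then the roles able to create such functions. It assumes legitimate extension functions reference their library as `$libdir/...` and that `pg_proc.probin` is a text column, as in current PostgreSQL releases.

```sql
-- Added audit example, not from the advisory.
-- Assumption: trusted C functions load from '$libdir/...'; anything else
-- (an absolute path, a bare library name) is worth a manual review.
SELECT n.nspname                   AS schema_name,
       p.proname                   AS function_name,
       pg_get_userbyid(p.proowner) AS owner,
       p.probin                    AS library_file,  -- shared object the function maps to
       p.prosrc                    AS link_symbol    -- C symbol called inside that library
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_language  l ON l.oid = p.prolang
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE l.lanname = 'c'
  AND (p.probin IS NULL OR p.probin NOT LIKE '$libdir/%')
ORDER BY n.nspname, p.proname;

-- Creating a C-language function requires superuser rights, so the set of
-- superuser roles bounds who can introduce such a mapping.
SELECT rolname, rolcanlogin
FROM pg_catalog.pg_roles
WHERE rolsuper
ORDER BY rolname;
```

An empty result from the first query means every C function resolves to a library under `$libdir`; any row returned should be matched against a known, installed extension.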