Description

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

Remediation

References

CVE-2007-3278

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2006-3700)

WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Security Bypass (7.6.4)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3629)

WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Multiple Cross-Site Scripting Vulnerabilities (4.2.9)

Severity

Medium

Classification

CVE-2007-3278 CWE-264

Tags

Missing Update Known Vulnerabilities