Description

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

Remediation

References

CVE-2007-3278

Related Vulnerabilities

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-39193)

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000206)

MySQL CVE-2014-6469 Vulnerability (CVE-2014-6469)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1875)

WordPress Plugin Ultimate Affiliate Pro Multiple Cross-Site Scripting Vulnerabilities (3.6)

Severity

Medium

Classification

CVE-2007-3278 CWE-264

Tags

Missing Update Known Vulnerabilities