Description
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
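A defender can check whether a database holds a pltcl_modules table that an unprivileged role owns or can write to. The query below is an added example, not part of the original advisory or of PostgreSQL itself; it assumes PostgreSQL 8.1 or later (for the pg_roles view) and must be run in every database of the cluster, because the catalogs are per-database.

```sql
-- Added audit example (assumption: PostgreSQL 8.1+, run once per database).
-- Lists every table named pltcl_modules, its owner, and each
-- non-superuser role that is able to insert or update rows in it.
SELECT n.nspname   AS schema_name,
       c.relname   AS table_name,
       o.rolname   AS table_owner,
       o.rolsuper  AS owner_is_superuser,
       w.rolname   AS nonsuperuser_with_write,
       EXISTS (SELECT 1
                 FROM pg_catalog.pg_language l
                WHERE l.lanname IN ('pltcl', 'pltclu')) AS pltcl_installed
  FROM pg_catalog.pg_class c
  JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
  JOIN pg_catalog.pg_roles o     ON o.oid = c.relowner
  -- One output row per non-superuser role holding INSERT or UPDATE;
  -- a NULL in nonsuperuser_with_write means no such role exists.
  LEFT JOIN pg_catalog.pg_roles w
         ON NOT w.rolsuper
        AND (pg_catalog.has_table_privilege(w.oid, c.oid, 'INSERT')
          OR pg_catalog.has_table_privilege(w.oid, c.oid, 'UPDATE'))
 WHERE c.relname = 'pltcl_modules'
   AND c.relkind = 'r'          -- ordinary tables only
 ORDER BY schema_name, owner_is_superuser, nonsuperuser_with_write;
```

No rows means the database has no pltcl_modules table. A row where owner_is_superuser is false, or where nonsuperuser_with_write is not NULL, deserves review when pltcl_installed is true.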