Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1975)

Description

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

Remediation

References

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4297)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7859)

Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5351)

MySQL CVE-2021-35642 Vulnerability (CVE-2021-35642)

WordPress Plugin Advance Search for WooCommerce Cross-Site Scripting (1.0.9)

Severity

Medium

Classification

CVE-2010-1975 CWE-264

Tags

Missing Update Known Vulnerabilities