Description

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

Remediation

References

CVE-2012-0866

Related Vulnerabilities

MySQL CVE-2015-4836 Vulnerability (CVE-2015-4836)

PostgreSQL Other Vulnerability (CVE-2005-1410)

Liferay Portal Improper Certificate Validation Vulnerability (CVE-2022-42131)

YOURLS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-0088)

WordPress Plugin Smart Forms-Calculated Fields, Form Builder, Easy To Use Cross-Site Scripting (2.1.0)

Severity

Medium

Classification

CVE-2012-0866 CWE-264

Tags

Missing Update Known Vulnerabilities