Description

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Remediation

References

CVE-2014-8161

Related Vulnerabilities

Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.8)

WordPress Plugin AccessPress Social Counter includes Backdoor [Only if downloaded via the vendor website] (1.9.1)

WordPress Plugin WP Social Invitations Cross-Site Scripting (1.4.4.2)

XWikiplatform Missing Authorization Vulnerability (CVE-2024-37898)

Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-33338)

Severity

Medium

Classification

CVE-2014-8161 CWE-209 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities