Description

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

Remediation

References

CVE-2018-16850

Related Vulnerabilities

WordPress Plugin gSlideShow Cross-Site Request Forgery (0.1)

Apache HTTP Server CVE-2002-0392 Vulnerability (CVE-2002-0392)

Moodle Uncontrolled Resource Consumption Vulnerability (CVE-2021-20185)

WordPress Plugin Modula Image Gallery Cross-Site Scripting (1.3.5)

Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21674)

Severity

Critical

Classification

CVE-2018-16850 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities