Description
A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on the function can execute arbitrary SQL as the owner of the function.
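An added audit example (not part of the original advisory): run in psql against each database, the first query compares the server with the version ranges in the description, and the second lists every non-system SECURITY DEFINER function with its owner and the roles that hold EXECUTE on it. The function name in the commented REVOKE line is hypothetical.

```sql
-- 1. Is this server inside one of the version ranges named in the description?
--    server_version_num encodes 9.4.24 as 90424 and 10.10 as 100010.
SELECT v AS server_version_num,
       CASE
         WHEN v BETWEEN  90400 AND  90423 THEN 'affected: 9.4.x before 9.4.24'
         WHEN v BETWEEN  90500 AND  90518 THEN 'affected: 9.5.x before 9.5.19'
         WHEN v BETWEEN  90600 AND  90614 THEN 'affected: 9.6.x before 9.6.15'
         WHEN v BETWEEN 100000 AND 100009 THEN 'affected: 10.x before 10.10'
         WHEN v BETWEEN 110000 AND 110004 THEN 'affected: 11.x before 11.5'
         ELSE 'outside the ranges listed in the description'
       END AS status
FROM (SELECT current_setting('server_version_num')::int AS v) AS s;

-- 2. SECURITY DEFINER functions, whose privileges they run with,
--    and which roles can call them.
SELECT n.nspname                                 AS schema_name,
       p.proname                                 AS function_name,
       pg_get_function_identity_arguments(p.oid) AS arguments,
       o.rolname                                 AS owner,
       o.rolsuper                                AS owner_is_superuser,
       CASE
         -- A NULL ACL means the built-in default, which grants EXECUTE to PUBLIC.
         WHEN p.proacl IS NULL THEN ARRAY['PUBLIC (default ACL)']
         ELSE ARRAY(
           SELECT DISTINCT COALESCE(r.rolname::text, 'PUBLIC')  -- grantee 0 is PUBLIC
           FROM aclexplode(p.proacl) AS a
           LEFT JOIN pg_roles AS r ON r.oid = a.grantee
           WHERE a.privilege_type = 'EXECUTE'
           ORDER BY 1)
       END                                       AS execute_grantees
FROM pg_proc AS p
JOIN pg_namespace AS n ON n.oid = p.pronamespace
JOIN pg_roles     AS o ON o.oid = p.proowner
WHERE p.prosecdef
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY o.rolsuper DESC, n.nspname, p.proname;

-- 3. Narrowing EXECUTE on a listed function until the server is upgraded
--    (hypothetical name and signature; substitute a row from query 2):
-- REVOKE EXECUTE ON FUNCTION app.refresh_totals(integer) FROM PUBLIC;
```

Rows where owner_is_superuser is true and execute_grantees includes PUBLIC are the ones to review first on an affected server.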
Remediation
References