WEB APPLICATION VULNERABILITIES Standard & Premium

PostgreSQL Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1115)

Description

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Remediation

References

Related Vulnerabilities

WordPress Plugin Export Users With Meta SQL Injection (0.6.4)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12245)

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Unspecified Vulnerability (2.6.21)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33324)

WordPress Plugin WP eCommerce Multiple Unspecified Vulnerabilities (3.9.3)

Severity

Critical

Classification

CVE-2018-1115 CWE-732 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Tags

Missing Update Known Vulnerabilities