Description

PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.

Remediation

References

CVE-2006-0553

Related Vulnerabilities

Roundcube Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-44026)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34171)

TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-41113)

WordPress Plugin WordPress File Upload Cross-Site Scripting (4.3.2)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.16.10)

Severity

Medium

Classification

CVE-2006-0553 CWE-264

Tags

Missing Update Known Vulnerabilities