Description

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

Remediation

References

CVE-2007-3278

Related Vulnerabilities

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Cross-Site Scripting (3.1.0.4)

WordPress Plugin Custom Post Type UI 'wp-admin/admin.php' Cross-Site Scripting (0.7)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2034)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-4465)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4562)

Severity

Medium

Classification

CVE-2007-3278 CWE-264

Tags

Missing Update Known Vulnerabilities