WEB APPLICATION VULNERABILITIES Standard & Premium

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-3278)

Description

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

Remediation

References

Related Vulnerabilities

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2019-19343)

WordPress Plugin WP Easy Gallery 'select_gallery' Parameter Cross-Site Scripting (1.7)

Apache HTTP Server Other Vulnerability (CVE-1999-0045)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17302)

SharePoint Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-1261)

Severity

Medium

Classification

CVE-2007-3278 CWE-264

Tags

Missing Update Known Vulnerabilities