Description

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Remediation

References

CVE-2007-6600

Related Vulnerabilities

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3731)

WordPress Plugin Quick Chat Cross-Site Scripting (4.14)

Spring Cloud Gateway Incorrect Authorization Vulnerability (CVE-2021-22051)

WordPress Plugin Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Cross-Site Scripting (5.1.0)

Severity

Medium

Classification

CVE-2007-6600 CWE-264

Tags

Missing Update Known Vulnerabilities