Description
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
Remediation
References
Related Vulnerabilities
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4937)
WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (1.8)
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.19)
WordPress Plugin YOP Poll Multiple Cross-Site Scripting Vulnerabilities (6.3.0)
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-6932)