Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2019-10208 - Vulnerability Database
PostgreSQL

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2019-10208

High
Reference: CVE-2019-10208
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-10208
Title: PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

A flaw was discovered in postgresql versions 9.4.x before 9.4.24 9.5.x before 9.5.19 9.6.x before 9.6.15 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on the function can execute arbitrary SQL as the owner of the function.