PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-39417 - Vulnerability Database

High
Reference: CVE-2023-39417
Title: PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
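
A defender's check for the condition described above, as an added example that is not part of the original advisory or PostgreSQL's own code: it scans an extension script for `@extowner@`, `@extschema@` or `@extschema:name@` placed inside dollar quoting, '' or "". The function name, the sample script and the simplified lexer (no nested block comments, no backslash-escaped E'...' strings) are assumptions.

```python
import re

# Substitution placeholders named in the advisory.
PLACEHOLDER = re.compile(r"@(?:extowner|extschema(?::[A-Za-z_][A-Za-z0-9_$]*)?)@")

# Lexical constructs of an extension script. Simplified (assumption): no nested
# block comments and no backslash escapes as in E'...' strings.
TOKEN = re.compile("|".join([
    r"(?P<comment>--[^\n]*|/\*.*?\*/)",
    r"(?P<dollar>\$(?P<tag>(?:[A-Za-z_]\w*)?)\$.*?\$(?P=tag)\$)",
    r"(?P<single>'(?:[^']|'')*')",
    r'(?P<double>"(?:[^"]|"")*")',
]), re.S)

def find_quoted_placeholders(script):
    """Return (line, construct, placeholder) for each placeholder inside quotes."""
    findings = []
    for tok in TOKEN.finditer(script):
        kind = next((k for k in ("dollar", "single", "double")
                     if tok.group(k) is not None), None)
        if kind is None:  # comment: not one of the constructs the advisory lists
            continue
        for m in PLACEHOLDER.finditer(tok.group(0)):
            line = script.count("\n", 0, tok.start() + m.start()) + 1
            findings.append((line, kind, m.group(0)))
    return findings

# Constructed sample script (hypothetical extension, not from the advisory).
SAMPLE = """\
-- constructed example, mentions @extschema@ in a comment
CREATE FUNCTION @extschema@.f() RETURNS int LANGUAGE sql
AS $body$ SELECT @extschema@.g() $body$;
ALTER FUNCTION @extschema@.f() OWNER TO @extowner@;
SELECT set_config('search_path', '@extschema@', false);
SET search_path = "@extschema@";
"""

if __name__ == "__main__":
    for line, kind, name in find_quoted_placeholders(SAMPLE):
        print(f"line {line}: {name} inside {kind} quoting")
```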