Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-39417 - Vulnerability Database
PostgreSQL

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-39417

High
Reference: CVE-2023-39417
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-39417
Title: PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

IN THE EXTENSION SCRIPT a SQL Injection vulnerability was found in PostgreSQL if it uses extowner extschema or extschema:... inside a quoting construct (dollar quoting 3939 or quotquot). If an administrator has installed files of a vulnerable trusted non-bundled extension an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.