Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PostgreSQL Permissions Privileges and Access Controls Vulnerability - CVE-2012-0866 - Vulnerability Database
PostgreSQL

PostgreSQL Permissions Privileges and Access Controls Vulnerability - CVE-2012-0866

Medium
Reference: CVE-2012-0866
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-0866
Title: PostgreSQL Permissions Privileges and Access Controls Vulnerability
Overview:

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18 8.4.x before 8.4.11 9.0.x before 9.0.7 and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.