CVE-2019-10208

HIGH Year: 2019
CVSS v3 Score
7.5
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

Related Vulnerabilities

CVE-2007-10001

HIGH
CVSS:7.5(High)

A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is...

CWE-892007

CVE-2016-10556

HIGH
CVSS:7.5(High)

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsof...

CWE-892016

CVE-2016-20018

HIGH
CVSS:7.5(High)

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.

CWE-892016

CVE-2016-6419

HIGH
CVSS:7.5(High)

SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485...

CWE-892016

CVE-2016-6616

HIGH
CVSS:7.5(High)

An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6...

CWE-892016

CVE-2016-7508

HIGH
CVSS:7.5(High)

Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 ...

CWE-892016