Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PostgreSQL SECURITY DEFINER函数权限提升漏洞
Vulnerability Description
PostgreSQL 是一个自由的对象-关系数据库服务器(数据库管理系统)。 基于PostgreSQL平台的PL/php add-on 1.4及更早版本对在相同会话中的不同SQL用户身份不能正确保护脚本执行。远程认证用户可以借助SECURITY DEFINER函数中特制的脚本代码获得权限的提升。
CVSS Information
N/A
Vulnerability Type
N/A