Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-9193
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PostgreSQL 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性,例如外键、触发器、视图等。 PostgreSQL 9.3至11.2版本中的导入导出数据命令‘COPY TO/FROM PROGRAM’存在操作系统命令注入漏洞。攻击者可利用该漏洞获取数据库超级用户权限,从而执行任意系统命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2019-9193
#POC DescriptionSource LinkShenlong Link
1PostgreSQL Remote Code Executuonhttps://github.com/wkjung0624/cve-2019-9193POC Details
2CVE-2019–9193 - PostgreSQL 9.3-12.3 Authenticated Remote Code Executionhttps://github.com/b4keSn4ke/CVE-2019-9193POC Details
3PostgreSQL 9.3-11.7 - Remote Code Execution (RCE) https://github.com/chromanite/CVE-2019-9193-PostgreSQL-9.3-11.7POC Details
4Nonehttps://github.com/paulotrindadec/CVE-2019-9193POC Details
5is a PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in specific versions of PostgreSQL (9.3 - 11.7)https://github.com/geniuszlyy/CVE-2019-9193POC Details
6PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7)https://github.com/AxthonyV/CVE-2019-9193POC Details
7Nonehttps://github.com/A0be/CVE-2019-9193POC Details
8is a PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in specific versions of PostgreSQL (9.3 - 11.7)https://github.com/geniuszly/CVE-2019-9193POC Details
9Nonehttps://github.com/corsisechero/CVE-2019-9193byVulHubPOC Details
10In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’. https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2019/CVE-2019-9193.yamlPOC Details
11Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%BC%8F%E6%B4%9E/PostgreSQL%20%E9%AB%98%E6%9D%83%E9%99%90%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2019-9193.mdPOC Details
12https://github.com/vulhub/vulhub/blob/master/postgres/CVE-2019-9193/README.mdPOC Details
13PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7)https://github.com/jhnhnck/CVE-2019-9193POC Details
14This lab simulates CVE-2019-9193 - PostgreSQL COPY FROM PROGRAM RCEhttps://github.com/netw0rk7/CVE-2019-9193-Home-LabPOC Details
15Nonehttps://github.com/Cheryanika/CVE-2019-9193---Postgresql---RCEPOC Details
16Nonehttps://github.com/CybersRMUTL/CVE-2019-9193-Postgresql-RCEPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2019-9193
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2019-9193

No comments yet

Leave a comment