IN THE EXTENSION SCRIPT, a SQL... CVE-2023-39417

- AV AC AU C I A
发布: 2023-08-11
修订: 2024-09-09

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

0%
暂无可用Exp或PoC
当前有11条受影响产品信息