IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-08-11T12:19:15.108Z
Updated: 2024-09-12T19:51:10.673Z
Reserved: 2023-08-01T09:31:02.842Z
Link: CVE-2023-39417
Vulnrichment
Updated: 2024-08-02T18:10:20.829Z
NVD
Status : Modified
Published: 2023-08-11T13:15:09.870
Modified: 2024-09-09T08:15:01.823
Link: CVE-2023-39417
Redhat