10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
AI Score
Confidence
Low
0.019 Low
EPSS
Percentile
88.6%
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.
osvdb.org/40900
www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
www.mandriva.com/security/advisories?name=MDKSA-2007:188
www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
www.securityfocus.com/archive/1/471541/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/35144