CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
A malicious PgHero user can use the EXPLAIN functionality to extract data from
the database. With certain inputs, a user can get the results of a query to
appear in an error message. If the PgHero database user has superuser privileges
(not recommended), the user can use file access functions to read files on the
database server.