Security Advisory

CVE-2018-16850

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-11-13 15:00:00

Last updated 2024-08-05 10:32:54

Assigner redhat

State PUBLISHED

Description

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

← Browse all CVEs View on cve.org ↗