Lucene search
HistoryOct 06, 2010 - 9:00 p.m.
CVE-2010-3781
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.04
Percentile
92.1%
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.
Affected configurations
Node
alvaro_herrerapl\/phpRange≤1.4
ORalvaro_herrerapl\/phpMatch1.0
ORalvaro_herrerapl\/phpMatch1.1
ORalvaro_herrerapl\/phpMatch1.2
ORalvaro_herrerapl\/phpMatch1.3.1
ORalvaro_herrerapl\/phpMatch1.3.2
ORalvaro_herrerapl\/phpMatch1.3.3
ORalvaro_herrerapl\/phpMatch1.3.5beta1
postgresqlpostgresql
| Vendor | Product | Version | CPE |
|---|---|---|---|
| alvaro_herrera | pl\/php | * | cpe:2.3:a:alvaro_herrera:pl\/php:*:*:*:*:*:*:*:* |
| alvaro_herrera | pl\/php | 1.0 | cpe:2.3:a:alvaro_herrera:pl\/php:1.0:*:*:*:*:*:*:* |
| alvaro_herrera | pl\/php | 1.1 | cpe:2.3:a:alvaro_herrera:pl\/php:1.1:*:*:*:*:*:*:* |
| alvaro_herrera | pl\/php | 1.2 | cpe:2.3:a:alvaro_herrera:pl\/php:1.2:*:*:*:*:*:*:* |
| alvaro_herrera | pl\/php | 1.3.1 | cpe:2.3:a:alvaro_herrera:pl\/php:1.3.1:*:*:*:*:*:*:* |
| alvaro_herrera | pl\/php | 1.3.2 | cpe:2.3:a:alvaro_herrera:pl\/php:1.3.2:*:*:*:*:*:*:* |
| alvaro_herrera | pl\/php | 1.3.3 | cpe:2.3:a:alvaro_herrera:pl\/php:1.3.3:*:*:*:*:*:*:* |
| alvaro_herrera | pl\/php | 1.3.5 | cpe:2.3:a:alvaro_herrera:pl\/php:1.3.5:beta1:*:*:*:*:*:* |
| postgresql | postgresql | * | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2010-10-06 21:00:00
Code injection
2010-10-06 17:00:00
cve
cve
CVE-2010-3781
2010-10-06 21:00:01
CVE-2010-3433
2010-10-06 17:00:16
cvelist
cvelist
CVE-2010-3781
2010-10-06 20:00:00
CVE-2010-3433
2010-10-06 16:00:00
nessus
nessus
Fedora 14 : postgresql-8.4.5-1.fc14 (2010-15852)
2010-10-18 00:00:00
PostgreSQL 7.4 < 7.4.30 / 8.0 < 8.0.26 / 8.1 < 8.1.22 / 8.2 < 8.2.18 / 8.3 < 8.3.12 / 8.4 < 8.4.5 / 9.0 < 9.0.1
2012-12-28 00:00:00
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 7186)
2010-10-20 00:00:00
openvas
openvas
Fedora Update for postgresql FEDORA-2010-15852
2010-12-02 00:00:00
Oracle: Security Advisory (ELSA-2010-0742)
2015-10-06 00:00:00
RedHat Update for postgresql and postgresql84 RHSA-2010:0742-01
2010-10-19 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerability
2010-10-07 00:00:00
PostgreSQL vulnerability
2010-10-07 00:00:00
postgresql
postgresql
Vulnerability in core server (CVE-2010-3433)
2010-10-06 17:00:00
redhat
redhat
(RHSA-2010:0908) Moderate: postgresql security update
2010-11-23 00:00:00
(RHSA-2010:0742) Moderate: postgresql and postgresql84 security update
2010-10-06 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:197 ] postgresql
2010-10-06 00:00:00
PostgreSQL code execution
2010-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: postgresql-8.4.5-1.fc14
2010-10-18 05:44:17
[SECURITY] Fedora 12 Update: postgresql-8.4.5-1.fc12
2010-10-19 07:19:06
[SECURITY] Fedora 14 Update: sepostgresql-9.0.1-20101007.fc14
2010-10-28 06:14:45
centos
centos
postgresql, postgresql84 security update
2010-10-06 18:48:07
osv
osv
postgresql-8.3 - privilege escalation
2010-10-12 00:00:00
oraclelinux
oraclelinux
postgresql and postgresql84 security update
2010-10-06 00:00:00
postgresql security update
2011-02-03 00:00:00
debian
debian
[SECURITY] [DSA 2120-1] New postgresql-8.3 packages fix privilege escalation
2010-10-12 20:42:06
BSA-005 Security Update for postgresql-8.4
2010-10-10 12:48:58
BSA-005 Security Update for postgresql-8.4
2010-10-10 12:48:45
veracode
veracode
Privilege Escalation
2020-04-10 00:52:08
ubuntucve
ubuntucve
CVE-2010-3433
2010-10-05 00:00:00
nvd
nvd
CVE-2010-3433
2010-10-06 17:00:16
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2011-10-25 00:00:00
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.04
Percentile
92.1%
Related for NVD:CVE-2010-3781