10 matches found
CVE-2026-7299
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...
PostgreSQL Anonymizer 安全漏洞
PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a security vulnerability that stems from allowing users to obtain...
postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names
A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow implementation from PGSQL...
postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names
A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow implementation from PGSQL...
postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names
A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow implementation from PGSQL...
PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
Impact What kind of vulnerability is it? Who is impacted? The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. ;, could lead to SQL injection. This could lead to...
GHSA-R38F-C4H4-HQQ2 PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
Impact What kind of vulnerability is it? Who is impacted? The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. ;, could lead to SQL injection. This could lead to...
CVE-2022-31197 SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc
PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...
DEBIAN-CVE-2017-16082
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1 Executing unsafe, user-supplied sql which contains a malicious column name. 2...
CVE-2017-16082
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1 Executing unsafe, user-supplied sql which contains a malicious column name. 2...