Arbitrary SQL Execution Vulnerability in PostgreSQL

Arbitrary SQL Execution Vulnerability in PostgreSQL

CVE-2019-10208 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.