Total vulnerabilities in the database
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.
| Software | From | Fixed in |
|---|---|---|
| apple / mac_os_x | - | 10.10.5.x |
| php / php | 5.6.0 | 5.6.8 |
| php / php | - | 5.4.40 |
| php / php | 5.5.0 | 5.5.24 |