CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

Published: Nov 13, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-16850
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
postgresql / postgresql	10.0	10.6
postgresql / postgresql	11.0	11.1
redhat / enterprise_linux	7.4	7.4.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	7.5	7.5.x
redhat / enterprise_linux	7.6	7.6.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	18.10	18.10.x

http://www.securityfocus.com/bid/105923
http://www.securitytracker.com/id/1042144
https://access.redhat.com/errata/RHSA-2018:3757
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
https://security.gentoo.org/glsa/201811-24
https://usn.ubuntu.com/3818-1/
https://www.postgresql.org/about/news/1905/

Vulnerability Database

289,599

CVE-2018-16850