CVE-2010-3781

Published Oct 6, 2010

Last updated 3 months ago

CVSS info 6.0

Overview

Description: The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:alvaro_herrera:pl\\/php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "348D5331-ECC6-4E02-8297-663F09311F8B",
            "versionEndIncluding": "1.4"
          },
          {
            "criteria": "cpe:2.3:a:alvaro_herrera:pl\\/php:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82763B21-180E-4820-91AA-9475E535D9AE"
          },
          {
            "criteria": "cpe:2.3:a:alvaro_herrera:pl\\/php:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35B237D7-2059-4BD0-BE8D-65E93180360B"
          },
          {
            "criteria": "cpe:2.3:a:alvaro_herrera:pl\\/php:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90B0A478-57CF-4BF2-B6D5-2D55259A5300"
          },
          {
            "criteria": "cpe:2.3:a:alvaro_herrera:pl\\/php:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "962A3D30-7C0D-489F-896E-7718FB1A927F"
          },
          {
            "criteria": "cpe:2.3:a:alvaro_herrera:pl\\/php:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F6ADAE-8DE8-46AB-BF15-CE0948305ABE"
          },
          {
            "criteria": "cpe:2.3:a:alvaro_herrera:pl\\/php:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82F0F4C7-5404-4D53-8B56-42F38E96FC19"
          },
          {
            "criteria": "cpe:2.3:a:alvaro_herrera:pl\\/php:1.3.5:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B349755-B641-4C9C-907C-4C83C4D6E64F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E5A47A8B-5F2B-42B1-A8F6-ACDBEA4D8485"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References