Back to search

PostgreSQL class A vulnerability in core server: CVE-2013-1899

Severity CVSS Published Added Modified
7 (AV:N/AC:L/Au:S/C:P/I:P/A:P) April 04, 2013 April 05, 2013 April 01, 2014

Available Exploits 

Description

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

Related Vulnerabilities