Back to search

PostgreSQL class A vulnerability in core server: CVE-2013-1899

Severity CVSS Published Added Modified
7 (AV:N/AC:L/Au:S/C:P/I:P/A:P) April 03, 2013 April 04, 2013 March 31, 2014

Available Exploits 

Description

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

postgres-upgrade-9_0_13

Related Vulnerabilities