Improper input validation in The Postgresql Global Development Group
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 th…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.812 (99.2th percentile) — read the EPSS interpretation.
Affected products
- The Postgresql Global Development Group — versions 9.3 - 10
Weakness classification (CWE)
Public proof-of-concept exploits
- ccchme/CVE-2018-1058
- ARPSyndicate/cvemon
- Imangazaliev/web-server-configuration
- J1ezds/Vulnerability-Wiki-page
- Live-Hack-CVE/CVE-2020-14349
- SexyBeast233/SecBooks
- TerraformFoundation/terraform-azurerm-db-postgresql
- Threekiii/Awesome-POC
- TerraformFoundation/terraform-azurerm-db-postgresql-flexible
- Threekiii/Vulhub-Reproduce
References
- bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
- USN-3589-1 (x_refsource_UBUNTU, vendor-advisory)
- 103221 (vdb-entry, x_refsource_BID)
- www.postgresql.org/about/news/1834/ (x_refsource_CONFIRM)
- RHSA-2018:2511 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2018:2566 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2018:3816 (x_refsource_REDHAT, vendor-advisory)
Frequently asked questions
- What is CVE-2018-1058?
- CVE-2018-1058 is a vulnerability in The Postgresql Global Development Group, classified under Improper Input Validation. Published 2018-03-02.
- Is CVE-2018-1058 known to be exploited?
- 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.