What is CVE-2019-9193?

CVE-2019-9193 is a vulnerability in N/a. Published 2019-04-01.

Is CVE-2019-9193 known to be exploited?

55 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-9193

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality i…

EPSS: 0.936 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

b4keSn4ke/CVE-2019-9193
geniuszly/CVE-2019-9193
wkjung0624/cve-2019-9193
paulotrindadec/CVE-2019-9193
CybersRMUTL/CVE-2019-9193-Postgresql-RCE
netw0rk7/CVE-2019-9193-Home-Lab
corsisechero/CVE-2019-9193byVulHub
jhnhnck/CVE-2019-9193
rapid7/metasploit-framework
NTKien-ptitt/Random_

References

paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/
medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-post…
blog.hagander.net/when-a-vulnerability-is-not-a-vulnerability-244/
www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/authenticated-arbitrary…
security.netapp.com/advisory/ntap-20190502-0003/
packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execu…
packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html
packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html

Frequently asked questions

What is CVE-2019-9193?: CVE-2019-9193 is a vulnerability in N/a. Published 2019-04-01.
Is CVE-2019-9193 known to be exploited?: 55 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.