CVE-2010-3781 Information

Description

The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function a related issue to CVE-2010-3433.

Reference

http://www.postgresql.org/about/news.1244 http://www.postgresql.org/docs/9.0/static/release-9-0-1.html https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6645