Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages to escalate to PostgreSQL superuser privileges and gain full database control.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XNsa Ghidra
APPNsa11.0 – 12.1 (bez)
Powiązane podatności
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eva...
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML F...
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrate...
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd....
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connecti...