SQL Injection Vulnerability in PostgreSQL JDBC Driver by PostgreSQL
CVE-2012-1618

Currently unrated

Key Information:

Vendor: PostgreSQL
CVE Published: 6 October 2012

Summary

A flaw exists in PostgreSQL JDBC driver versions prior to 8.2: the driver fails to properly escape unspecified JDBC statement parameters when interacting with a PostgreSQL server that has the 'standard_conforming_strings' option enabled. This setting, which is enabled by default in PostgreSQL 9.1, allows remote attackers to perform SQL injection attacks, potentially leading to unauthorized access or data manipulation within the database.
