PostgreSQL SQL Injection Vulnerability (CVE-2025-1094)
February 25, 2025
Overview Recently, NSFOCUS CERT detected that PostgreSQL has issued a security announcement and fixed the PostgreSQL SQL injection vulnerability (CVE-2025-1094), with a CVSS score of 8.1. Since the psql tool of PostgreSQL is used to detect invalid UTF-8 characters (such as hax\xC0′; \! id #), resulting in accidental segmentation of SQL statements, and unauthenticated attackers […]
PostgreSQL Arbitrary Code Execution Vulnerability (CVE-2019-9193) Threat Alert
April 1, 2019
1 Vulnerability Overview
Recently, a security researcher disclosed details about a PostgreSQL privilege escalation code execution vulnerability (CVE-2019-9193), which allows attackers with read access to database server-side files to execute arbitrary system commands. (more…)
