Main Vulnerability Database Exploits ID:11698 - Exploit for Input validation error in PostgreSQL - CVE-2007-3280

ID:11698 - Exploit for Input validation error in PostgreSQL - CVE-2007-3280

Published: June 23, 2025

Vulnerability identifier: #VU111779

Vulnerability risk: High

CVE-ID: CVE-2007-3280

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
PostgreSQL

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/postgres/postgres_payload

Vulnerability description

The vulnerability allows a remote user to execute arbitrary code.

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

Remediation

Install update from vendor's website.

ID:11698 - Exploit for Input validation error in PostgreSQL - CVE-2007-3280

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human