Main Vulnerability Database Vulnerabilities #VU111761

#VU111761 OS Command Injection in PostgreSQL - CVE-2007-3278

Published: June 23, 2025

Vulnerability identifier: #VU111761

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2007-3278

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PostgreSQL

Software vendor:
PostgreSQL Global Development Group

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in dblink. A remote attacker with ability to manipulate the connection string can pass specially crafted input to the application and execute arbitrary OS commands on the target system.

Remediation

Install updates from vendor's website.

External links

https://www.postgresql.org/docs/release/7.4.19/
https://www.postgresql.org/docs/release/8.0.15/
https://www.postgresql.org/docs/release/8.1.11/
https://www.postgresql.org/docs/release/8.2.6/

#VU111761 OS Command Injection in PostgreSQL - CVE-2007-3278

Description

Remediation

External links

Please verify you're human