Unrated severityNVD Advisory· Published Oct 6, 2010· Updated Apr 29, 2026

CVE-2010-3781

Description

The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.

Affected products

Alvaro Herrera/Pl\/PHP8 versions
cpe:2.3:a:alvaro_herrera:pl\/php:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:alvaro_herrera:pl\/php:*:*:*:*:*:*:*:*range: <=1.4
- cpe:2.3:a:alvaro_herrera:pl\/php:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:alvaro_herrera:pl\/php:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:alvaro_herrera:pl\/php:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:alvaro_herrera:pl\/php:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:alvaro_herrera:pl\/php:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:alvaro_herrera:pl\/php:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:alvaro_herrera:pl\/php:1.3.5:beta1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000