VYPR
Unrated severityNVD Advisory· Published Jul 18, 2012· Updated Jun 16, 2026

CVE-2012-0866

CVE-2012-0866

Description

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

43
  • cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*+ 39 more
    • cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
    • (no CPE)range: >=8.3.0, <=8.3.18 || >=8.4.0, <=8.4.11 || >=9.0.0, <=9.0.7 || >=9.1.0, <=9.1.3
  • osv-coords3 versions
    < 9.3.15-1.1+ 2 more
    • (no CPE)range: < 9.3.15-1.1
    • (no CPE)range: < 9.4.10-1.1
    • (no CPE)range: < 9.5.4-1.2

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.