CVE-2012-1618
Published 2012-10-06
Priority: P3 · 41
CVSS 2.0: 7.5 high (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 2.94% (85.4th percentile)
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.
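What the "interaction error" is, as an added illustration for this page (not pgjdbc code): a client that escapes a quote as `\'` is relying on the server reading backslash as an escape character inside ordinary string literals. With `standard_conforming_strings=on` (the PostgreSQL 9.1 default) the server reads the backslash literally, so the `'` that follows it closes the literal and whatever comes next is executed as SQL. In the model below, `escape_legacy` and `escape_modern` are assumptions about the pre-8.2 (backslash) and later (quote-doubling) escaping schemes; the scanner follows PostgreSQL's lexing rules for ordinary single-quoted literals and `--` comments; the query, table name and attacker inputs are constructed. It also shows the reverse mismatch (quote doubling without backslash escaping, against a server with the option off), which ends the literal early just the same: the driver's escaping has to agree with the server's setting, which is why binding parameters out of band rather than splicing escaped text into the statement is the durable fix.

```python
"""Model of the client-side escaping vs. standard_conforming_strings
interaction behind CVE-2012-1618.  Added example for this page, not pgjdbc
code: the two escaping functions are assumptions about the driver's schemes;
the scanner follows PostgreSQL's rules for ordinary '...' literals and -- comments."""
from typing import Callable, List


def escape_legacy(value: str) -> str:
    """Backslash escaping: what a client written for servers with
    standard_conforming_strings=off produces (assumed pre-8.2 behaviour)."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def escape_modern(value: str, driver_thinks_scs_on: bool) -> str:
    """Quote doubling, valid under both server settings.  Backslashes are
    doubled only when the driver believes the server still treats them as
    escapes (assumed 8.2+ behaviour, where the driver reads the setting)."""
    out = value.replace("'", "''")
    if not driver_thinks_scs_on:
        out = out.replace("\\", "\\\\")
    return out


def scan_literal(sql: str, start: int, scs_on: bool) -> int:
    """Index just past the single-quoted literal opening at sql[start].
    scs_on=False: backslash escapes the next character.
    scs_on=True:  backslash is an ordinary character; only '' stays inside."""
    i = start + 1
    while i < len(sql):
        c = sql[i]
        if c == "\\" and not scs_on:
            i += 2                     # skip the escaped character
        elif c == "'":
            if sql.startswith("'", i + 1):
                i += 2                 # doubled quote, still inside
            else:
                return i + 1           # closing quote
        else:
            i += 1
    raise ValueError("unterminated string literal")


def split_statement(sql: str, scs_on: bool) -> List[str]:
    """Alternating [code, literal, code, ...] pieces of a statement as the
    server would lex it; text after a -- comment marker is skipped."""
    parts, i, code_start = [], 0, 0
    while i < len(sql):
        if sql.startswith("--", i):    # line comment runs to end of line
            nl = sql.find("\n", i)
            i = len(sql) if nl < 0 else nl + 1
        elif sql[i] == "'":
            end = scan_literal(sql, i, scs_on)
            parts.append(sql[code_start:i])
            parts.append(sql[i:end])
            i = code_start = end
        else:
            i += 1
    parts.append(sql[code_start:])
    return parts


def build_query(escaper: Callable[[str], str], value: str) -> str:
    """Constructed query: the driver splices the escaped value into a literal."""
    return "SELECT * FROM users WHERE name = '" + escaper(value) + "'"


def injected_sql(escaper: Callable[[str], str], value: str, scs_on: bool) -> str:
    """SQL the server would run outside the intended literal, i.e. the part
    the attacker controls.  Empty string means the value stayed data."""
    parts = split_statement(build_query(escaper, value), scs_on)
    return "".join(parts[2:]).strip()


PAYLOAD = "' OR 1=1 --"          # constructed attacker input
PAYLOAD_BS = "\\' OR 1=1 --"     # same, with a leading backslash


def demonstrate() -> List[tuple]:
    """Driver scheme vs. server setting; returns (label, injected) rows."""
    return [
        ("legacy, server scs=off ", injected_sql(escape_legacy, PAYLOAD, False)),
        ("legacy, server scs=on  ", injected_sql(escape_legacy, PAYLOAD, True)),
        ("modern(on), server on  ", injected_sql(lambda v: escape_modern(v, True), PAYLOAD, True)),
        ("modern(off), server off", injected_sql(lambda v: escape_modern(v, False), PAYLOAD_BS, False)),
        ("modern(on), server off ", injected_sql(lambda v: escape_modern(v, True), PAYLOAD_BS, False)),
    ]


if __name__ == "__main__":
    for label, tail in demonstrate():
        print(f"{label}: {'INJECTED -> ' + tail if tail else 'safe'}")
```

Running the script prints one row per driver/server combination; the two mismatched rows end the literal at the attacker's quote and hand `OR 1=1 --'` to the server, the matched rows keep the whole payload as data.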
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libpgjava | — | — |
| postgresql | postgresql | — | — |
| postgresql | postgresql_jdbc_driver | — | — |
CVSS provenance

| Source | Version | Score | Severity (source's own rating) | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA (ghsa · 2022-05-17): CVE-2012-1618 [HIGH] Unescaped parameters in the PostgreSQL JDBC driver
OSV (osv · 2022-05-17): CVE-2012-1618 [HIGH] Unescaped parameters in the PostgreSQL JDBC driver
Red Hat (vendor_redhat · 2012-03-25 · CVSS 7.5): CVE-2012-1618 [HIGH] postgresql-jdbc: SQL injection due to improper escaping of JDBC statement parameters
Statement: The upstream development team of the JDBC driver for the PostgreSQL database does not consider improper escaping of certain JDBC statement / query parameters, when the JDBC driver of version older than the version of u
Debian (vendor_debian · 2012 · CVSS 7.5): CVE-2012-1618 [HIGH] libpgjava
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2012-03/0126.html
http://lists.opensuse.org/opensuse-security/2012-03/msg00024.html
http://www.openwall.com/lists/oss-security/2012/03/30/8
http://www.openwall.com/lists/oss-security/2012/03/30/9
http://www.openwall.com/lists/oss-security/2012/03/31/1
http://www.openwall.com/lists/oss-security/2012/04/02/4
http://www.openwall.com/lists/oss-security/2012/04/04/11
http://www.openwall.com/lists/oss-security/2012/04/04/4
http://www.openwall.com/lists/oss-security/2012/04/04/5
http://www.openwall.com/lists/oss-security/2012/04/04/9
http://www.osvdb.org/80641
https://bugzilla.novell.com/show_bug.cgi?id=754273