VDB
CVE-2022-2625
CVE-2022-2625
PUBLISHED
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.
EPSS 0.97% · 77.1th percentile
Risk Scores
EPSS Score
0.97%
77.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | postgresql | 10.0.0, 12.0.0, 13.0.0 |
| Bitnami | postgresql | 11.0.0, 12.0.0, 13.0.0 |
Exploit Intelligence
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Proof of concept for CVE-2016-8858 (github-poc)
- Proof of concept for CVE-2016-8858 (github-poc)
- Proof of concept for CVE-2016-8858 (github-poc)
…and 982 more exploits
Timeline
- Apr 30, 2017 PoC Published
- Jun 28, 2021 PoC Published
- Apr 22, 2022 PoC Published
- Aug 11, 2022 CVE Published
- Aug 19, 2022 EPSS Score
- Oct 4, 2022 EPSS Score
- Nov 19, 2022 EPSS Score
- Feb 18, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 5, 2023 EPSS Score
- May 21, 2023 EPSS Score
- Jun 9, 2023 PoC Published