cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-26520,https://securityvulnerability.io/vulnerability/CVE-2022-26520,File Manipulation Vulnerability in pgjdbc Driver Affecting Applications,"A vulnerability exists in the pgjdbc JDBC driver prior to version 42.3.3 that allows an attacker with control over the JDBC URL or properties to exploit the loggerFile and loggerLevel connection properties. This can result in the ability to write arbitrary files to the system, including creating executable JSP files within a Tomcat web root. While the vendor asserts that the risk lies with any application using the pgjdbc driver with untrusted connection properties, it highlights the importance of securing application configurations to prevent unauthorized file access and execution.",Postgresql,Postgresql Jdbc Driver,9.8,CRITICAL,0.0030499999411404133,false,,false,false,false,,,false,false,,2022-03-10T17:47:00.000Z,0
CVE-2022-21724,https://securityvulnerability.io/vulnerability/CVE-2022-21724,Unchecked Class Instantiation when providing Plugin Classes,"pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.",Postgresql,Postgresql Jdbc Driver,7,HIGH,0.00949000008404255,false,,false,false,false,,,false,false,,2022-02-02T11:48:52.000Z,0
CVE-2020-13692,https://securityvulnerability.io/vulnerability/CVE-2020-13692,PostgreSQL JDBC Driver Vulnerability in PgJDBC,"The PostgreSQL JDBC Driver, also known as PgJDBC, is at risk of XML External Entity (XXE) injection due to improper handling of XML input in versions prior to 42.2.13. This flaw could allow an attacker to exploit the application’s parsing of XML data, potentially resulting in unauthorized access to sensitive data and services. It is recommended to update to version 42.2.13 or later to mitigate this vulnerability.",Postgresql,Postgresql Jdbc Driver,7.7,HIGH,0.010470000095665455,false,,false,false,false,,,false,false,,2020-06-04T15:07:37.000Z,0
CVE-2012-1618,https://securityvulnerability.io/vulnerability/CVE-2012-1618,,"Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the ""standard_conforming_strings"" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks.  NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.",Postgresql,"Postgresql,Postgresql Jdbc Driver",,,0.00622999994084239,false,,false,false,false,,,false,false,,2012-10-06T22:00:00.000Z,0