PT-2010-5069 · Postgresql · Postgresql Pl/Php Add-On

Published

2010-10-06

·

Updated

2017-09-19

·

CVE-2010-3781

CVSS v2.0

6.0

Medium

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PostgreSQL PL/php add-on version 1.4 and earlier

Description

The issue allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function. This is related to improper protection of script execution by a different SQL user identity within the same session.

Recommendations

For PL/php add-on version 1.4 and earlier, consider restricting the use of SECURITY DEFINER functions until a patch is available. As a temporary workaround, limit the execution of script code to the intended SQL user identity to minimize the risk of exploitation.
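
To apply the recommendation above, an administrator first needs an inventory of the SECURITY DEFINER functions written in PL/php. The following catalog query is an added example, not part of the original advisory or of the PL/php project; it assumes the add-on's languages are registered under the names `plphp` and `plphpu`, so adjust the list to match `SELECT lanname FROM pg_language` on the affected server.

```sql
-- Added example: list SECURITY DEFINER functions implemented in PL/php,
-- with the role they execute as and whether PUBLIC can call them.
-- Assumption: the language names 'plphp' / 'plphpu' (check pg_language).
SELECT n.nspname                    AS schema_name,
       p.oid::regprocedure          AS function_signature,
       l.lanname                    AS language,
       pg_get_userbyid(p.proowner)  AS executes_as,
       r.rolsuper                   AS owner_is_superuser,
       -- A NULL ACL means default privileges, which grant EXECUTE to PUBLIC.
       (p.proacl IS NULL)           AS default_public_execute,
       p.proacl                     AS explicit_acl,
       -- Statement to review (not run automatically): drops the
       -- SECURITY DEFINER attribute so the function runs as its caller.
       'ALTER FUNCTION ' || p.oid::regprocedure::text
           || ' SECURITY INVOKER;'  AS candidate_change
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles     r ON r.oid = p.proowner
WHERE p.prosecdef                            -- SECURITY DEFINER only
  AND l.lanname IN ('plphp', 'plphpu')       -- assumed PL/php language names
ORDER BY r.rolsuper DESC, n.nspname, p.proname;
```

Rows with `owner_is_superuser` and `default_public_execute` both true are the ones to restrict first, either by applying the generated `ALTER FUNCTION` statement or by revoking EXECUTE from PUBLIC.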

Fix


Weakness Enumeration

Related Identifiers

CVE-2010-3781

Affected Products

Postgresql Pl/Php Add-On