HIGH🇵🇱 Wersja polska

CVE-2026-49498

CVSS 8.7v4.0pub. 2026-06-10upd. 2026-06-11

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages to escalate to PostgreSQL superuser privileges and gain full database control.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Nsa Ghidra

    APP
    Nsa
    11.0 – 12.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2023-22671CRITICAL9.8ten sam produkt

Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eva...

CVE-2019-16941CRITICAL9.8ten sam produkt

NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML F...

CVE-2019-13625CRITICAL9.1ten sam produkt

NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrate...

CVE-2026-52750HIGH8.4ten sam produkt

Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd....

CVE-2026-52751HIGH8.6ten sam produkt

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connecti...