CVE-2007-3280

PostgreSQL 8.1 - Authenticated Remote Code Execution via Database Link Library

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-3280. PoCs published by denuwanjayasekara, midnitesnake, egypt, todb, lucipher, including Metasploit module exploits/linux/postgres/postgres_payload.

AI-analyzed exploit summary This repository contains detailed exploitation reports for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft's Remote Desktop Services. It includes in-depth analysis, reproduction steps, and mitigation strategies, but no actual exploit code.

Description

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

Exploits (2)

nomisec WRITEUP
by denuwanjayasekara · poc
https://github.com/denuwanjayasekara/CVE-Exploitation-Reports

This repository contains detailed exploitation reports for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft's Remote Desktop Services. It includes in-depth analysis, reproduction steps, and mitigation strategies, but no actual exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Remote Desktop Services (RDS)
No auth needed
Prerequisites: Network access to vulnerable RDS service · Suitable exploit payload
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by midnitesnake, egypt, todb, lucipher · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/postgres/postgres_payload.rb

This Metasploit module exploits PostgreSQL's ability to load user-defined functions (UDFs) from shared libraries in /tmp, allowing arbitrary code execution via a compiled .so file uploaded through binary injection. It targets Linux systems with PostgreSQL installations where the postgres service account has write access to /tmp.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PostgreSQL (versions affected by CVE-2007-3280)
Auth required
Prerequisites: PostgreSQL credentials · Write access to /tmp directory · Ability to upload files via UPDATE pg_largeobject
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/40901
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35145
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/471541/100/0/threaded

Scores

EPSS 0.2613
EPSS Percentile 97.7%

Details

Status published
Products (1)
postgresql/postgresql 8.1
Published Jun 19, 2007
Tracked Since Feb 18, 2026