{"vulnerability": "CVE-2019-9193", "sightings": [{"uuid": "6f7e5940-512b-4938-a2f4-a6431e5afecf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "exploited", "source": "https://www.exploit-db.com/exploits/46813", "content": "", "creation_timestamp": "2019-05-08T00:00:00.000000Z"}, {"uuid": "11c20e2f-3a19-4c60-a2e5-b3f1d22a95ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "833406bf-f5a7-4b92-8d5c-aaee4b360fb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "seen", "source": "https://gist.github.com/Cristliu/78c75c8e09faf4558da2d1365411b407", "content": "", "creation_timestamp": "2025-09-26T17:09:48.000000Z"}, {"uuid": "20c11f5d-60c4-44c6-8f45-a4f2cafdbbe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:19.000000Z"}, {"uuid": "1f8d1123-7ec4-4d89-98e7-94801172a244", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "seen", "source": "https://gist.github.com/Silence0ne/b71ee76c7f8bc1759c6ca086e2386473", "content": "", "creation_timestamp": "2025-07-31T16:11:00.000000Z"}, {"uuid": "edd6915a-dcf5-4a7f-8977-66885bdb09a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "seen", "source": "https://gist.github.com/gmh5225/56a03049c269e715bfc21a6b9fced8f0", "content": "", "creation_timestamp": "2025-12-19T16:41:46.000000Z"}, {"uuid": "0ff9aefc-3c4d-458f-a817-063fca2f6af2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "seen", "source": "https://gist.github.com/Cristliu/7e08f8422b71c7c6cca02f2c8ad4c95e", "content": "", "creation_timestamp": "2025-09-30T17:54:15.000000Z"}, {"uuid": "06b855d9-8d75-440e-a1fe-16c04885245d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb", "content": "", "creation_timestamp": "2019-05-07T06:24:23.000000Z"}, {"uuid": "3847287c-0e5a-4db2-b6e2-7aed02d97326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "seen", "source": "https://t.me/cyberbannews_ir/2318", "content": "\u200d \ud83d\uded1\u0627\u0646\u062a\u0634\u0627\u0631 \u0628\u062f\u0627\u0641\u0632\u0627\u0631 PgMiner\n\n\u06a9\u0627\u0631\u0634\u0646\u0627\u0633\u0627\u0646 \u0634\u0631\u06a9\u062a \u0627\u0645\u0646\u06cc\u062a\u06cc \u067e\u0627\u0644\u0648\u0622\u0644\u062a\u0648\u0646\u062a\u0648\u0631\u06a9 \u062f\u0631 \u06af\u0632\u0627\u0631\u0634\u06cc \u0627\u0639\u0644\u0627\u0645 \u06a9\u0631\u062f\u0646\u062f \u0628\u062f\u0627\u0641\u0632\u0627\u0631\u06cc \u0628\u0647 \u0646\u0627\u0645 \u067e\u06cc\u200c\u062c\u06cc\u200c\u0645\u0627\u06cc\u0646\u0631 (PgMiner) \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u06a9\u0631\u062f\u0647\u200c\u0627\u0646\u062f \u06a9\u0647 \u0645\u062a\u062e\u0635\u0635 \u0647\u06a9 \u067e\u0627\u06cc\u06af\u0627\u0647\u200c\u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u0646\u0627\u0627\u0645\u0646 \u067e\u0633\u062a\u06af\u0631\u0633\u200c\u06a9\u06cc\u0648\u0627\u0644 (PostgreSQL) \u0627\u0633\u062a.\n\n\u0627\u06cc\u0646 \u0628\u0627\u062a\u200c\u0646\u062a \u0628\u0647\u200c\u0635\u0648\u0631\u062a \u062a\u0635\u0627\u062f\u0641\u06cc \u062f\u0627\u0645\u0646\u0647\u200c\u0627\u06cc \u0627\u0632 \u0622\u062f\u0631\u0633\u200c\u0647\u0627\u06cc IP \u0631\u0627 \u0627\u0646\u062a\u062e\u0627\u0628 \u06a9\u0631\u062f\u0647 \u0648 \u062a\u0645\u0627\u0645 \u0628\u062e\u0634\u200c\u0647\u0627\u06cc \u0622\u0646 \u0631\u0627 \u0628\u0631\u0627\u06cc \u06cc\u0627\u0641\u062a\u0646 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0628\u0627 \u067e\u0648\u0631\u062a \u0628\u0627\u0632 5432 \u067e\u0627\u06cc\u06af\u0627\u0647 \u062f\u0627\u062f\u0647 \u0628\u0631\u0631\u0633\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f. \n\n\u067e\u0633\u200c\u0627\u0632\u0627\u06cc\u0646\u06a9\u0647 \u067e\u06cc\u200c\u062c\u06cc\u200c\u0645\u0627\u06cc\u0646\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0641\u0639\u0627\u0644 \u067e\u0633\u062a\u06af\u0631\u0633\u200c\u06a9\u06cc\u0648\u0627\u0644 \u0631\u0627 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f \u0627\u0632 \u0645\u0631\u062d\u0644\u0647 \u0627\u0633\u06a9\u0646 \u0648\u0627\u0631\u062f \u062d\u0645\u0644\u0647 \u0628\u0631\u0648\u062a \u0641\u0648\u0631\u0633 \u0645\u06cc\u200c\u0634\u0648\u062f \u062a\u0627 \u0628\u0627 \u0641\u0647\u0631\u0633\u062a\u06cc \u0637\u0648\u06cc\u0644 \u0627\u0632 \u067e\u0633\u0648\u0631\u062f\u0647\u0627\u060c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0644\u0627\u06af\u06cc\u0646 \u0648 \u067e\u0633\u0648\u0631\u062f \u062d\u0633\u0627\u0628 \u06a9\u0627\u0631\u0628\u0631\u06cc \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 \u067e\u0633\u062a\u06af\u0631\u0633\u200c\u06a9\u06cc\u0648\u0627\u0644 \u0631\u0627 \u062d\u062f\u0633 \u0628\u0632\u0646\u062f.\n\n\u0686\u0646\u0627\u0646\u0686\u0647 \u0645\u0627\u0644\u06a9 \u067e\u0627\u06cc\u06af\u0627\u0647 \u062f\u0627\u062f\u0647\u060c \u0641\u0631\u0627\u0645\u0648\u0634 \u06a9\u0631\u062f\u0647 \u0628\u0627\u0634\u062f \u0627\u06cc\u0646 \u062d\u0633\u0627\u0628 \u06a9\u0627\u0631\u0628\u0631\u06cc \u0631\u0627 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0646\u062f \u06cc\u0627 \u067e\u0633\u0648\u0631\u062f \u0622\u0646 \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u062f\u060c \u0647\u06a9\u0631\u0647\u0627 \u0628\u0647 \u067e\u0627\u06cc\u06af\u0627\u0647 \u062f\u0627\u062f\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627\u06a9\u0631\u062f\u0647 \u0648 \u0627\u0632 \u0642\u0627\u0628\u0644\u06cc\u062a COPY from PROGRAM \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u062a\u0627 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u062e\u0648\u062f \u0631\u0627 \u0628\u0627\u0644\u0627\u0628\u0631\u062f\u0647 \u0648 \u0628\u0647 \u0633\u0631\u0648\u0631 \u0648 \u0633\u06cc\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644 \u0622\u0646 \u0628\u0631\u0633\u0646\u062f. \n\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0634\u0646\u0627\u0633\u0647 \u00abCVE-2019-9193\u00bb \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u06cc\u0646 \u0642\u0627\u0628\u0644\u06cc\u062a \u0627\u0633\u062a \u06a9\u0647 \u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 \u0645\u062d\u0642\u0642\u0627\u0646 \u067e\u0633\u062a\u06af\u0631\u0633\u200c\u06a9\u06cc\u0648\u0627\u0644 \u0628\u0627\u06af \u0628\u0648\u062f\u0646 \u0622\u0646 \u0631\u0627 \u0631\u062f \u06a9\u0631\u062f\u0647 \u0628\u0648\u062f\u0646\u062f. \n\n\u0627\u067e\u0631\u0627\u062a\u0648\u0631\u0647\u0627\u06cc \u067e\u06cc\u200c\u062c\u06cc\u200c\u0645\u0627\u06cc\u0646\u0631 \u067e\u0633 \u0627\u0632 \u06a9\u0646\u062a\u0631\u0644 \u0633\u06cc\u0633\u062a\u0645 \u0622\u0644\u0648\u062f\u0647\u060c \u062c\u0647\u062a \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0631\u0632 \u0645\u0648\u0646\u0631\u0648 \u062f\u0631 \u0633\u0631\u0648\u0631 \u0622\u0644\u0648\u062f\u0647 \u0645\u0627\u06cc\u0646\u0631 \u0646\u0635\u0628 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f. \u0627\u06cc\u0646 \u0628\u0627\u062a\u200c\u0646\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0627\u06cc\u0646\u0631\u0647\u0627 \u0631\u0627 \u0641\u0642\u0637 \u0631\u0648\u06cc \u067e\u0644\u062a\u0641\u0631\u0645\u200c\u0647\u0627\u06cc Linux MIPS \u0648 ARM \u0648 x64 \u0646\u0635\u0628 \u06a9\u0646\u062f. \n\n#\u0628\u062f\u0627\u0641\u0632\u0627\u0631\n\n@cyberbannews_ir", "creation_timestamp": "2020-12-17T08:52:44.000000Z"}, {"uuid": "e1ef1a0a-792a-4e19-8419-e471b0688cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8694", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aPoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7)\nURL\uff1ahttps://github.com/AxthonyV/CVE-2019-9193\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-10-07T04:46:39.000000Z"}, {"uuid": "4fbc602f-e2c0-4b46-a9b1-df116a29a712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/google/detectors/rce/cve20199193", "content": "", "creation_timestamp": "2022-12-12T11:25:35.000000Z"}, {"uuid": "f4d4a739-a5ac-428b-81a6-0a98093ae9ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8692", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1ais a PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in specific versions of PostgreSQL (9.3 - 11.7)\nURL\uff1ahttps://github.com/geniuszlyy/CVE-2019-9193\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-10-06T17:21:01.000000Z"}, {"uuid": "bac25761-fb26-4563-8711-fdf0894e881c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "seen", "source": "https://t.me/arpsyndicate/1568", "content": "#ExploitObserverAlert\n\nCVE-2019-9193\n\nDESCRIPTION: Exploit Observer has 40 entries related to CVE-2019-9193. In PostgreSQL 9.3 through 11.2, the \"COPY TO/FROM PROGRAM\" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for \u2018COPY TO/FROM PROGRAM\u2019 is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the \u2018COPY FROM PROGRAM\u2019.\n\nFIRST-EPSS: 0.972980000\nNVD-IS: 5.9\nNVD-ES: 1.2", "creation_timestamp": "2023-12-08T13:37:35.000000Z"}, {"uuid": "48246869-edf0-4201-b7e4-f9de7a824c98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-9193", "type": "published-proof-of-concept", "source": "https://t.me/b4ckc0nn3ct/66", "content": "#pentest #db #database\n\u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0430\u044f cve \u043d\u0430 postgres\n\n\u0440\u0443\u043a\u0430\u043c\u0438 \u043d\u0435 \u043f\u0440\u043e\u0431\u043e\u0432\u0430\u043b, \u043d\u043e \u0437\u0432\u0443\u0447\u0438\u0442 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e:\n\nhttps://rhaas.blogspot.com/2020/12/cve-2019-9193.html\n\n\u041a\u0441\u0442\u0430\u0442\u0438, \u043b\u044e\u0431\u043e\u0439 \u043e\u0431\u044b\u0447\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0432 postgres \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043a\u0430\u043a \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c (grant people the pg_execute_server_programs role):\n\nhttps://pganalyze.com/blog/5mins-postgres-16-superuser-reserved-connections", "creation_timestamp": "2023-06-06T10:47:17.000000Z"}]}