In the pgpartman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit searchpath is not set.
{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:pgxn:pg_partman:*:*:*:*:*:postgresql:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.5.1"
}
]
}