Description
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (7.1.13)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7950)
WordPress Plugin JetWidgets For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.0.8)
MySQL CVE-2019-2513 Vulnerability (CVE-2019-2513)
WordPress Plugin Image Gallery-Responsive Photo Gallery Cross-Site Scripting (1.4.0)