Description
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.