Description
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
Remediation
References
Related Vulnerabilities
WordPress Plugin ABASE Multiple Vulnerabilities (2.6)
Plone CMS CVE-2017-1000483 Vulnerability (CVE-2017-1000483)
WordPress Plugin Revive Old Post-Auto Post to Social Media 'cat' Parameter SQL Injection (3.2.5)
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8155)
WordPress Plugin Timetable and Event Schedule by MotoPress Unspecified Vulnerability (2.4.3)