Description
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
Remediation
References
Related Vulnerabilities
WordPress Plugin Integration for Contact Form 7 and Pipedrive Cross-Site Scripting (1.0.9)
MySQL NULL Pointer Dereference Vulnerability (CVE-2021-22570)
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2694)
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.10.3)
WordPress Plugin CMS Tree Page View Multiple Vulnerabilities (1.4)