Description
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering a constraint violation and then reading the error message.
Remediation
References