Description
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
Remediation
References
Related Vulnerabilities
WordPress Plugin Student Result or Employee Database Security Bypass (1.6.3)
WordPress Plugin Photoracer 'id' Parameter SQL Injection (1.0)
MediaWiki Missing Authorization Vulnerability (CVE-2021-30155)
WordPress Plugin Newsletter Manager Multiple Cross-Site Scripting Vulnerabilities (1.0.1)
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)