Description
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
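The precondition named above, trust authentication for local clients, is set in `pg_hba.conf`. The following check is an added example, not part of the original advisory or of PostgreSQL: it flags `trust` rules that match Unix-socket or loopback clients. The sample file is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample pg_hba.conf, for illustration only.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                    METHOD
local   all       all                              trust
host    all       all   127.0.0.1/32               trust
host    all       all   ::1/128                    md5
host    app       app   10.0.0.0/8                 trust
host    all       all   127.0.0.1 255.255.255.255  trust
host    all       all   0.0.0.0/0                  md5
"""

LOOPBACKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
NAMES_COVERING_LOOPBACK = {"all", "samehost", "localhost"}


def covers_loopback(address, mask=None):
    """True if a pg_hba ADDRESS (CIDR, IP plus mask, or keyword) includes loopback."""
    if address in NAMES_COVERING_LOOPBACK:
        return True
    try:
        net = ipaddress.ip_network(f"{address}/{mask}" if mask else address, strict=False)
    except ValueError:
        return False  # other host names are not resolved by this check
    return any(net.version == lb.version and net.overlaps(lb) for lb in LOOPBACKS)


def find_local_trust(hba_text):
    """Return (line_number, line) for each rule that trusts local or loopback clients."""
    findings = []
    for number, raw in enumerate(hba_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 4:
            continue
        if tokens[0] == "local":
            method, hit = tokens[3], True
        elif tokens[0].startswith("host") and len(tokens) >= 5:
            # ADDRESS is either CIDR/keyword (method next) or "IP MASK" (method after mask).
            has_mask = "/" not in tokens[3] and tokens[4][:1].isdigit() and len(tokens) >= 6
            mask = tokens[4] if has_mask else None
            method = tokens[5] if has_mask else tokens[4]
            hit = covers_loopback(tokens[3], mask)
        else:
            continue
        if method == "trust" and hit:
            findings.append((number, raw.strip()))
    return findings
```

On the constructed sample, `find_local_trust(SAMPLE_HBA)` reports lines 2, 3 and 6; the `10.0.0.0/8` trust rule is not reported because it does not cover loopback.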
Remediation
References