Description
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.