VYPR
Unrated severityNVD Advisory· Published Apr 4, 2013· Updated Jun 16, 2026

CVE-2013-1901

CVE-2013-1901

Description

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

22
  • cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*
    • (no CPE)range: 9.2.x < 9.2.4, 9.1.x < 9.1.9
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*+ 4 more
    • cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
  • osv-coords3 versions
    < 9.3.15-1.1+ 2 more
    • (no CPE)range: < 9.3.15-1.1
    • (no CPE)range: < 9.4.10-1.1
    • (no CPE)range: < 9.5.4-1.2

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.