While that would be bad, if it required a magic packet it would have limited impact -- lots of postgres databases don't talk to public networks.
Worse would be a vulnerability that you could trigger just by manipulating query parameters. Then almost every postgres-backed website would be vulnerable.
Worse would be a vulnerability that you could trigger just by manipulating query parameters. Then almost every postgres-backed website would be vulnerable.