The SQL injection allowed the attacker to freely use psql, an interactive interface that comes with PostgreSQL, and to not only access the database but also enter arbitrary system commands via psql.