I've read a fair few questions on password salting and mostly they cover the stuff that (I think) I already understand. That is; the point of including a random salt in your password hashes is firstly to prevent two hashes being the same even when the password is the same. And secondly to thwart rainbow table attacks that match hashes against a precompiled list (because none of the precompiled hashes used the salts you have used, so a new rainbow table would need to be generated for each salt/hash). Feel free to correct me if I've misunderstood any of that.
Now my question: If an attacker has access to your hashes (the scenario we're protecting against) then that means they're accessing your database. That being the case surely it doesn't matter what the hash is, they can just replace it with whatever they want?
Read access to a database does not imply write access to the database.
So yes, if an attacker can update the password hash to a known hashed password + salt, then the attacker can gain access to a specific account. But dumps of password hashes can come from places other than direct database access.