Description

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

Remediation

References

CVE-2016-7048

Related Vulnerabilities

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3089)

WordPress Plugin Directories Pro Cross-Site Scripting (1.3.45)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3665)

WordPress Plugin PublishPress Future: Automatically Unpublish WordPress Posts Multiple Vulnerabilities (2.1.1)

SharePoint Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1860)

Severity

High

Classification

CVE-2016-7048 CWE-284 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities