Description

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Remediation

References

CVE-2016-5424

Related Vulnerabilities

TYPO3 Improper Input Validation Vulnerability (CVE-2013-7079)

WordPress Plugin Scroll To Top Cross-Site Scripting (1.4.0)

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-11581)

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-28347)

WordPress Plugin WordPress Infinite Scroll-Ajax Load More SQL Injection (5.3.1)

Severity

High

Classification

CVE-2016-5424 CWE-94 CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities