CVE-2016-7048

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

Published: Aug 20, 2018
Updated: Apr 13, 2023
CVE: CVE-2016-7048
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
postgresql / postgresql	9.4.0	9.4.10
postgresql / postgresql	9.5.0	9.5.5
postgresql / postgresql	-	9.1.24
postgresql / postgresql	9.2	9.2.19
postgresql / postgresql	9.3	9.3.15

https://bugzilla.redhat.com/show_bug.cgi?id=1378043
https://www.postgresql.org/support/security/

Vulnerability Database

289,599

CVE-2016-7048