Arbitrary Code Execution via Interactive Installer in PostgreSQL

Arbitrary Code Execution via Interactive Installer in PostgreSQL

CVE-2016-7048 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.