Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PostgreSQL Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2016-5424 - Vulnerability Database
PostgreSQL

PostgreSQL Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2016-5424

High
Reference: CVE-2016-5424
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-5424
Title: PostgreSQL Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

PostgreSQL before 9.1.23 9.2.x before 9.2.18 9.3.x before 9.3.14 9.4.x before 9.4.9 and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) quot (double quote) (2) (backslash) (3) carriage return or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.