How severe is CVE-2020-10733?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2020-10733?

This is classified as CWE-426, which is a common weakness in software security.

CVE-2020-10733 - HIGH Severity | CVSS 7.3

Vulnerability Description

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.

Related Vulnerabilities

CVE-2016-0018

HIGH

CVSS:7.3(High)

Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ...

CWE-4262016

CVE-2016-10009

HIGH

CVSS:7.3(High)

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-so...

CWE-4262016

CVE-2016-1014

HIGH

CVSS:7.3(High)

Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain priv...

CWE-4262016

CVE-2017-11657

HIGH

CVSS:7.3(High)

Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.

CWE-4262017

CVE-2017-2157

HIGH

CVSS:7.3(High)

Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification...

CWE-4262017

CVE-2017-6189

HIGH

CVSS:7.3(High)

Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working dir...

CWE-4262017