Vulners
Lucene search
CVE-2024-2044
| Reporter | Title | Published | Views | Family All 28 |
|---|---|---|---|---|
 | pgAdmin 8.3 Remote Code Execution Exploit | 17 Apr 202400:00 | – | zdt |
 | CVE-2024-2044 | 7 Mar 202422:27 | – | circl |
 | pgAdmin Security Vulnerabilities | 7 Mar 202400:00 | – | cnnvd |
 | CVE-2024-2044 Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4 | 7 Mar 202420:48 | – | cvelist |
 | [SECURITY] Fedora 40 Update: python-jsonformatter-0.3.2-2.fc40 | 23 Mar 202400:50 | – | fedora |
| [SECURITY] Fedora 40 Update: pgadmin4-8.4-1.fc40 | 23 Mar 202400:50 | – | fedora |
 | Fedora 40 : pgadmin4 / python-jsonformatter (2024-15df3b6d95) | 29 Apr 202400:00 | – | nessus |
| SUSE SLES15 / openSUSE 15 Security Update : pgadmin4 (SUSE-SU-2024:1340-1) | 19 Apr 202400:00 | – | nessus |
 | pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user | 7 Mar 202421:30 | – | github |
 | pgAdmin Session Deserialization RCE | 17 Apr 202419:51 | – | metasploit |
10
Node
[
{
"defaultStatus": "affected",
"modules": [
"User Session"
],
"product": "pgAdmin 4",
"programFiles": [
"https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/utils/session.py"
],
"repo": "https://github.com/pgadmin-org/pgadmin4",
"vendor": "pgadmin.org",
"versions": [
{
"lessThan": "8.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| csrf_token | request body | authenticate/login | Authenticated path traversal/deserialization via login flow enabling payload upload and execution | CWE-31 |
| request body | authenticate/login | Authenticated path traversal/deserialization via login flow enabling payload upload and execution | CWE-31 | |
| password | request body | authenticate/login | Authenticated path traversal/deserialization via login flow enabling payload upload and execution | CWE-31 |
| language | request body | authenticate/login | Authenticated path traversal/deserialization via login flow enabling payload upload and execution | CWE-31 |
| internal_button | request body | authenticate/login | Authenticated path traversal/deserialization via login flow enabling payload upload and execution | CWE-31 |
| dialog_type | request body | file_manager/init | Initialization for file management path used in payload delivery | CWE-31 |
| supported_types | request body | file_manager/init | Initialization for file management path used in payload delivery | CWE-31 |
| dialog_title | request body | file_manager/init | Initialization for file management path used in payload delivery | CWE-31 |
| newfile | multipart/form-data upload | file_manager/filemanager/{trans_id}/ | Upload of serialized payload triggering path traversal deserialization | CWE-31 |
| mode | multipart/form-data upload | file_manager/filemanager/{trans_id}/ | Upload of serialized payload triggering path traversal deserialization | CWE-31 |
10
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Sep 2025 14:55Current
9.7High risk
Vulners AI Score9.7
CVSS 3.19.9
EPSS0.83473
SSVC