CVE-2024-2044

🗓️ 07 Mar 2024 20:48:10Reported by PostgreSQLType

cve🔗 web.nvd.nist.gov👁 143 Views🌐 WEB

pgAdmin 4 file-based session management vulnerability in versions prior to 8.4 allows arbitrary file acces

Reporter	Title	Published	Views	Family All 31
0day.today	pgAdmin 8.3 Remote Code Execution Exploit	17 Apr 202400:00	–	zdt
BDU FSTEC	The vulnerability of the pga4_session cookie file of the database management tool pgAdmin 4 allows a hacker to execute arbitrary code.	11 Mar 202400:00	–	bdu_fstec
Circl	CVE-2024-2044	7 Mar 202422:27	–	circl
CNNVD	pgAdmin Security Vulnerabilities	7 Mar 202400:00	–	cnnvd
Cvelist	CVE-2024-2044 Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4	7 Mar 202420:48	–	cvelist
Fedora	[SECURITY] Fedora 40 Update: python-jsonformatter-0.3.2-2.fc40	23 Mar 202400:50	–	fedora
Fedora	[SECURITY] Fedora 40 Update: pgadmin4-8.4-1.fc40	23 Mar 202400:50	–	fedora
Tenable Nessus	Fedora 40 : pgadmin4 / python-jsonformatter (2024-15df3b6d95)	29 Apr 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : pgadmin4 (SUSE-SU-2024:1340-1)	19 Apr 202400:00	–	nessus
Github Security Blog	pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user	7 Mar 202421:30	–	github

NVD

Node

pgadmin pgadmin_4Range<8.4postgresql

Node

fedoraproject fedoraMatch40

[
  {
    "defaultStatus": "affected",
    "modules": [
      "User Session"
    ],
    "product": "pgAdmin 4",
    "programFiles": [
      "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/utils/session.py"
    ],
    "repo": "https://github.com/pgadmin-org/pgadmin4",
    "vendor": "pgadmin.org",
    "versions": [
      {
        "lessThan": "8.4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/pgadmin-org/pgadmin4/issues/7258
shielder	www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV/

Parameter	Position	Path	Description	CWE
csrf_token	request body	/authenticate/login	Authenticated login used to upload a payload via the file management plugin as part of the path traversal/deserialization flow	CWE-22, CWE-287, CWE-79
email	request body	/authenticate/login	Authenticated login used to upload a payload via the file management plugin as part of the path traversal/deserialization flow	CWE-22, CWE-287, CWE-79
password	request body	/authenticate/login	Authenticated login used to upload a payload via the file management plugin as part of the path traversal/deserialization flow	CWE-22, CWE-287, CWE-79
pga4_session	header	/login	Trigger deserialization by delivering a crafted path via the pga4_session cookie	CWE-22, CWE-287, CWE-79
dialog_type	request body	/file_manager/init	Initialize a file manager transaction used for payload storage/upload	CWE-22, CWE-287, CWE-79
supported_types	request body	/file_manager/init	Initialize a file manager transaction used for payload storage/upload	CWE-22, CWE-287, CWE-79
dialog_title	request body	/file_manager/init	Initialize a file manager transaction used for payload storage/upload	CWE-22, CWE-287, CWE-79
mode	request body	/file_manager/filemanager/{trans_id}/	Upload or delete a serialized payload through the file manager, enabling traversal/deserialization	CWE-22, CWE-287, CWE-79
path	request body	/file_manager/filemanager/{trans_id}/	Upload or delete a serialized payload through the file manager, enabling traversal/deserialization	CWE-22, CWE-287, CWE-79
storage_folder	request body	/file_manager/filemanager/{trans_id}/	Upload or delete a serialized payload through the file manager, enabling traversal/deserialization	CWE-22, CWE-287, CWE-79

17 Jun 2026 07:23Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.9

EPSS0.79326

SSVC

CWE-31