Lucene search
RedhatCVELIST:CVE-2022-0959HistoryMar 16, 2022 - 2:03 p.m.
CVE-2022-0959
2022-03-1614:03:38
CWE-434
redhat
www.cve.org
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
CNA Affected
[
{
"product": "pgadmin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "pgadmin 6.7"
}
]
}
]Related
nessus
nessus
SUSE SLES15 Security Update : pgadmin4 (SUSE-SU-2022:1541-1)
2022-05-05 00:00:00
osv
osv
CVE-2022-0959
2022-03-16 15:15:16
pgAdmin 4 Path Traversal vulnerability
2022-03-17 00:00:24
openvas
openvas
openSUSE: Security Advisory for pgadmin4 (SUSE-SU-2022:1541-1)
2022-05-17 00:00:00
Mageia: Security Advisory (MGASA-2022-0257)
2022-07-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1541-1)
2022-05-05 00:00:00
veracode
veracode
Path Traversal
2024-04-16 09:18:01
prion
prion
Cross site request forgery (csrf)
2022-03-16 15:15:00
github
github
pgAdmin 4 Path Traversal vulnerability
2022-03-17 00:00:24
suse
suse
Security update for pgadmin4 (important)
2022-05-04 00:00:00
redhatcve
redhatcve
CVE-2022-0959
2022-05-20 22:37:42
mageia
mageia
Updated pgadmin4 packages fix security vulnerability
2022-07-13 23:44:07
nvd
nvd
CVE-2022-0959
2022-03-16 15:15:16
cve
cve
CVE-2022-0959
2022-03-16 15:15:16