PRION:CVE-2023-5002
Sep 22, 2023 - 2:15 p.m.

Design/Logic Flaw

2023-09-22 14:15:00
PRIOn knowledge base
www.prio-n.com
design flaw
security vulnerability
pgadmin
http api
arbitrary commands

AI Score: 8.6
Confidence: High
EPSS: 0.001
Percentile: 22.1%

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

CPE Name    Operator    Version
fedora      eq          37
fedora      eq          38
pgadmin     lt          7.7