508 matches found
pgAdmin Command Execution Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A command execution vulnerability exists in pgAdmin that stems from an inability to properly control server code executed on this API, which could be exploited by an authenticated attacker to ru...
SUSE CVE-2023-5002
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
GHSA-GHP8-52VX-77J4 pgAdmin failed to properly control the server code
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an...
pgAdmin failed to properly control the server code
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an...
CVE-2023-5002
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
CVE-2023-5002
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
CVE-2023-5002
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
Design/Logic Flaw
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
CVE-2023-5002 Pgadmin4: remote code execution by an authenticated user
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
CVE-2023-5002
CVE-2023-5002 affects pgAdmin’s server HTTP API where path validation for external PostgreSQL utilities (e.g., pg_dump/pg_restore) was insufficient. An authenticated user could cause the server to execute arbitrary commands due to improper control of server-side code. Reports across multiple sour...
pgAdmin Security Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A command execution vulnerability exists in pgAdmin that stems from an inability to properly control server code executed on this API, which could be exploited by an authenticated attacker to ru...
SUSE SLES15 / openSUSE 15 Security Update : pgadmin4 (SUSE-SU-2023:1877-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1877-1 advisory. - pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another...
PT-2023-9834 · Pgadmin +2
Name of the Vulnerable Software and Affected Versions: pgadmin (affected versions not specified). Description: A vulnerability was found in pgadmin, where users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection...
The vulnerability of the Server mode setting in the pgAdmin 4 database management tool allows a hacker to alter the settings of another user or the database itself.
The vulnerability in the Server mode of the pgAdmin 4 database management tool stems from improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to alter the settings of another user or the database...
GHSA-9CRJ-HPXH-F6QG pgAdmin 4 vulnerable to directory traversal
pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...
pgAdmin 4 vulnerable to directory traversal
pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...
CVE-2023-0241
pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...
CVE-2023-0241
pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...
Directory traversal
pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...
CVE-2023-0241
pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...