PT-2023-2031 · Pgadmin 4 +3
Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to v6.19 Description: The issue is related to a directory traversal vulnerability in pgAdmin 4. This vulnerability can be exploited by a remote attacker to change another user's settings or alter the database. The...
[SECURITY] Fedora 37 Update: pgadmin4-6.18-2.fc37
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
Fedora: Security Advisory for pgadmin4 (FEDORA-2023-496439cbdd)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
pgAdmin 4 vulnerable to open redirect
Overview: pgAdmin 4 provided by pgAdmin Project contains an open redirect vulnerability (CWE-601). SHIGA TAKUMA of BroadBand Security, Inc. and Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#03832974: pgAdmin 4 vulnerable to open redirect
pgAdmin 4 provided by pgAdmin Project contains an open redirect vulnerability (CWE-601). Impact: When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution: Update the Software. Update the softwar...
pgAdmin Input Validation Error Vulnerability
pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in versions prior to pgAdmin 4 v6.14: when a specially crafted URL is accessed, the user may be redirected to an arbitrary website and t...
[SECURITY] Fedora 37 Update: pgadmin4-6.17-2.fc37
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
Fedora: Security Advisory for pgadmin4 (FEDORA-2022-2d5a6f48e1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Remote Code Execution (RCE)
pgadmin4 is vulnerable to remote code execution. The vulnerability exists in the validate_binary_path function of __init__.py due to lack of validation of the binary path, which allows an attacker to inject and execute malicious query parameters via the pgAdmin server...
CVE-2022-4223
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...
Path traversal
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...
CVE-2022-4223
CVE-2022-4223 describes a remote code execution vulnerability in pgAdmin that affects versions prior to 6.17. An insecure HTTP API allows an unauthenticated user to pass a manipulated path (e.g., a UNC path) to the server, which could lead to the execution of an arbitrary executable on the pgAdmi...
pgAdmin 4 Remote Code Execution Vulnerability
pgAdmin 4 is a reliable and comprehensive database design and management software for PostgreSQL. A remote code execution vulnerability exists in pgAdmin 4. The vulnerability occurs in Windows environments where, due to lax privilege checks by the developer, an attacker can exploit the...
PT-2022-26318
Name of the Vulnerable Software and Affected Versions: pgAdmin versions prior to 6.17 Description: The pgAdmin server includes an HTTP API intended to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. This API is used to determine the PostgreSQL versi...
pgAdmin Code Issue Vulnerability
pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin4 that originates from an application loading a DLL via python 2.7.13 that may load the wrong DLL file. An attacker can exploit this vulnerability t...
pgAdmin 4 Path Traversal vulnerability
When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques...