phpPgAdmin <=4.2.1 - Local File Inclusion

phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. dot dot in the language parameter to index.php. id: CVE-2008-5587 info: name: phpPgAdmin =4.2.1 - Local File Inclusion author:...

phpPgAdmin <=4.1.1 - Cross-Site Scripting

phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHPSELF in 1 redirect.php, possibly related to 2 login.php, which are different vectors than CVE-2007-2865. id:...

Cross-site Scripting (XSS)

phpPgAdmin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and encoding of user-supplied input from $REQUEST parameters across multiple components, which allows an attacker to inject and execute arbitrary JavaScript in users’ browsers...

SQL Injection

phpPgAdmin is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-controlled input from the $REQUEST'query' parameter passed to the browseQuery function, which allows an attacker to execute arbitrary SQL commands and compromise the database...

SQL Injection

phpPgAdmin is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied input from the $REQUEST'query' parameter without sanitization or parameterization, which allows an attacker to execute arbitrary SQL commands and compromise the database...

Access Control Bypass

phpPgAdmin is vulnerable to Improper Access Control. The vulnerability is due to lack of validation and access control on user-controlled parameters subject, server, database, queryid in sql.php, which allows an attacker to manipulate session variables and inject arbitrary SQL queries, potentiall...

CVE-2021-47853

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

SUSE CVE-2021-47853

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Linux Distros Unpatched Vulnerability : CVE-2021-47853

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query...

phpPgAdmin contains a remote command execution vulnerability

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

GHSA-86GH-C8R8-XWHQ phpPgAdmin contains a remote command execution vulnerability

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVE-2021-47853

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

DEBIAN-CVE-2021-47853

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVE-2021-47853

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

EUVD-2026-3636

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVE-2021-47853

...

CVE-2021-47853

Removed by vendor...

CVE-2021-47853

...

CVE-2021-47853

phpPgAdmin 7.13.0 is affected by a remote command execution vulnerability described in Red Hat CVE-2021-47853, where an authenticated attacker can manipulate SQL queries to run arbitrary operating system commands via COPY FROM PROGRAM after creating a table and uploading a crafted .txt file. This...

Number withdrawal

phpPgAdmin is an open-source application developed by phppgadmin. It is the leading web-based management tool for Postgres databases...