Lucene search
K

4 matches found

Nuclei
Nuclei
added yesterday45 views

pgAdmin < 6.17 - Unauthenticated Remote Code Execution

pgAdmin prior to 6.17 contains an insecure HTTP API caused by improper access control, letting unauthenticated users execute arbitrary external utilities via path manipulation, exploit requires no authentication. id: CVE-2022-4223 info: name: pgAdmin 6.17 - Unauthenticated Remote Code Execution...

8.8CVSS7.2AI score0.79933EPSS
Exploits0References2
NVD
NVD
added 2022/12/13 4:15 p.m.48 views

CVE-2022-4223

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...

8.8CVSS0.79933EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/12/13 12:0 a.m.10 views

CVE-2022-4223

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...

8.6AI score0.79933EPSS
Exploits0References2
CVE
CVE
added 2022/12/13 12:0 a.m.158 views

CVE-2022-4223

CVE-2022-4223 describes a remote code execution vulnerability in pgAdmin that affects versions prior to 6.17. An insecure HTTP API allows an unauthenticated user to pass a manipulated path (e.g., a UNC path) to the server, which could lead to the execution of an arbitrary executable on the pgAdmi...

8.8CVSS8.5AI score0.79933EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder