CVE-2024-2044 Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4

pgAdmin = 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on...

CVE-2024-2044

CVE-2024-2044 affects pgAdmin4

ROS-20231011-01

A vulnerability in the HTTP API of the pgAdmin 4 database management tool is related to insufficient input data validation. verification of input data. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary commands on the server...

SUSE SLES15 / openSUSE 15 Security Update : pgadmin4 (SUSE-SU-2023:1877-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1877-1 advisory. - pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another...

pgAdmin 4 vulnerable to directory traversal

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...

CVE-2023-0241

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...

CVE-2023-0241

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...

CVE-2023-0241

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...

SUSE CVE-2023-0241

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...

Fedora 36 : pgadmin4 (2023-0334c6000a)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0334c6000a advisory. Update to pgadmin4-6.19. ---- Backport fix for CVE-2023-22298. Tenable has extracted the preceding description block directly from the Fedora securi...

JVN#01398015: pgAdmin 4 vulnerable to directory traversal

PostgreSQL management tool pgAdmin 4 contains a directory traversal vulnerability CWE-22. Impact A user of the product may change another user's settings or alter the database. Solution Update the Software Update the software to the latest version according to the information provided by the...

pgAdmin 4 Open Redirect vulnerability

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

CVE-2023-22298

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

CVE-2023-22298

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

Open redirect

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

CVE-2023-22298

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

CVE-2023-22298

CVE-2023-22298 is an open redirect vulnerability in pgAdmin 4 prior to version 6.14. An unauthenticated remote attacker can lure a user to click a specially crafted URL, redirecting them to an arbitrary site and enabling phishing. Affected software is pgAdmin 4; the root cause is an improper redi...

PT-2023-18407 · Pgadmin 4 +3 · Pgadmin 4 +3

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to v6.14 Description: The issue allows a remote unauthenticated attacker to redirect a user to an arbitrary web site, potentially conducting a phishing attack by having the user access a specially crafted URL...

CVE-2023-22298

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

pgAdmin 4 vulnerable to open redirect

Overview pgAdmin 4 provided by pgAdmin Project contains an open redirect vulnerability CWE-601. SHIGA TAKUMA of BroadBand Security, Inc. and Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...