508 matches found

Fedora
added 2024/03/23 12:50 a.m. · 46 views

[SECURITY] Fedora 40 Update: pgadmin4-8.4-1.fc40

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...

CVSS 9.9 · AI score 9.5 · EPSS 0.79326
Exploits: 4
Positive Technologies
added 2024/03/14 12:0 a.m. · 3 views

PT-2024-5169 · Pgadmin +2

Name of the Vulnerable Software and Affected Versions: pgAdmin versions = 8.5 Description: The issue is related to a cross-site scripting (XSS) vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious scripts at the client end,...

CVSS 8.8 · AI score 6.6 · EPSS 0.80069
Exploits: 1 · References: 34
NCSC
added 2024/03/11 12:0 a.m. · 4 views

Vulnerability fixed in pgAdmin

A vulnerability has been fixed in pgAdmin. An authenticated malicious party could exploit the vulnerability to execute arbitrary code with application privileges. Because pgAdmin was developed as a management tool for PostgreSQL databases, it is therefore not rule out the...

CVSS 9.9 · AI score 8.1 · EPSS 0.79326
Exploits: 4
BDU FSTEC
added 2024/03/11 12:0 a.m. · 3 views

The vulnerability of the pga4_session cookie file of the database management tool pgAdmin 4 allows a hacker to execute arbitrary code.

The vulnerability of the pga4_session cookie file of the database management tool pgAdmin 4 is related to incorrect serialization. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 7.1 · AI score 8.1 · EPSS 0.79326
Exploits: 4 · References: 6 · Affected Software: 2
OSV
added 2024/03/07 9:30 p.m. · 111 views

GHSA-RJ98-CRF4-G69W pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user

pgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is...

CVSS 9.9 · AI score 9.6 · EPSS 0.79326
Exploits: 4 · References: 6
Github Security Blog
added 2024/03/07 9:30 p.m. · 37 views

pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user

pgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is...

CVSS 9.9 · AI score 5.2 · EPSS 0.79326
Exploits: 4 · References: 6 · Affected Software: 1
OSV
added 2024/03/07 9:15 p.m. · 3 views

CVE-2024-2044

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on...

CVSS 9.9 · AI score 9.5
Exploits: 0 · References: 3
NVD
added 2024/03/07 9:15 p.m. · 17 views

CVE-2024-2044

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on...

CVSS 9.9 · AI score 9.8 · EPSS 0.79326
Exploits: 4 · References: 3
Prion
added 2024/03/07 9:15 p.m. · 20 views

Path traversal

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on...

CVSS 6.5 · AI score 9.7 · EPSS 0.79326
Exploits: 4 · References: 2
CVE
added 2024/03/07 8:48 p.m. · 138 views

CVE-2024-2044

CVE-2024-2044 affects pgAdmin4

CVSS 9.9 · AI score 9.7 · EPSS 0.79326
Exploits: 4 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/03/07 8:48 p.m. · 26 views

CVE-2024-2044 Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on...

CVSS 9.9 · AI score 7.5 · EPSS 0.79326
Exploits: 4 · References: 3
Cvelist
added 2024/03/07 8:48 p.m. · 44 views

CVE-2024-2044 Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on...

CVSS 9.9 · AI score 9.9 · EPSS 0.79326
Exploits: 4 · References: 3
CNNVD
added 2024/03/07 12:0 a.m. · 3 views

pgAdmin Security Vulnerabilities

pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin version 4 that stems from not setting trusted base paths that should not be escaped...

CVSS 9.9 · AI score 6.8 · EPSS 0.79326
Exploits: 4 · References: 5
Positive Technologies
added 2024/03/07 12:0 a.m. · 3 views

PT-2024-2008 · Pgadmin +2

Name of the Vulnerable Software and Affected Versions: pgAdmin versions prior to 8.4 Description: The issue is related to a path-traversal vulnerability in the session handling code of pgAdmin, which can lead to unsafe deserialization and remote code execution. This vulnerability can be exploited...

CVSS 9.9 · AI score 7.7 · EPSS 0.79326
Exploits: 9 · References: 35
OpenVAS
added 2024/01/23 12:0 a.m. · 17 views

Fedora: Security Advisory (FEDORA-2024-9818cb2406)

The remote host is missing an update for the...

CVSS 7.3 · AI score 7 · EPSS 0.00797
Exploits: 1 · References: 4
Redos
added 2023/10/13 12:0 a.m. · 29 views

ROS-20231011-01

A vulnerability in the HTTP API of the pgAdmin 4 database management tool is related to insufficient validation of input data. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary commands on the server...

CVSS 8.8 · AI score 7.7 · EPSS 0.0147
Exploits: 0
Fedora
added 2023/10/04 3:51 p.m. · 50 views

[SECURITY] Fedora 38 Update: pgadmin4-6.21-3.fc38

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...

CVSS 8.8 · AI score 7.3 · EPSS 0.0147
Exploits: 0
NCSC
added 2023/09/28 12:0 a.m. · 3 views

Vulnerability fixed in pgAdmin

A vulnerability has been fixed in pgAdmin. The vulnerability allows an authenticated malicious person to execute arbitrary code on the PostgreSQL server. The developers of pgAdmin have released updates to fix the vulnerability in pgAdmin 7.7. For more information, see:...

CVSS 8.8 · AI score 7.7 · EPSS 0.0147
Exploits: 0
Veracode
added 2023/09/27 8:51 a.m. · 25 views

Remote Code Execution

pgadmin4 is vulnerable to Remote Code Execution. The vulnerability is caused by a missing validation in the pgAdmin server HTTP API - validate_binary_path that is used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. This can result in an...

CVSS 8.8 · AI score 7.7 · EPSS 0.0147
Exploits: 0 · References: 6 · Affected Software: 1
CNVD
added 2023/09/26 12:0 a.m. · 7 views

pgAdmin Command Execution Vulnerability

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A command execution vulnerability exists in pgAdmin that stems from an inability to properly control server code executed on this API, which could be exploited by an authenticated attacker to ru...

CVSS 8.8 · AI score 7.2 · EPSS 0.0147
Exploits: 0 · References: 1