17 matches found

Veracode
added 2026/03/18 4:23 p.m. | 5 views

SQL Injection

phpPgAdmin is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied input from the $_REQUEST['query'] parameter without sanitization or parameterization, which allows an attacker to execute arbitrary SQL commands and compromise the database...

CVSS 6.5 | AI score 6.3 | EPSS 0.00029
Exploits: 0 | References: 3 | Affected Software: 1

SUSE CVE
added 2026/01/22 1:2 a.m. | 4 views

SUSE CVE-2021-47853

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 5.1 | EPSS 0.00262
Exploits: 0 | References: 3

OSV
added 2026/01/21 6:30 p.m. | 3 views

GHSA-86GH-C8R8-XWHQ phpPgAdmin contains a remote command execution vulnerability

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVSS 8.8 | AI score 6.4 | EPSS 0.00262
Exploits: 0 | References: 5

OSV
added 2025/11/20 3:17 p.m. | 2 views

DEBIAN-CVE-2025-60799

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...

CVSS 6.1 | AI score 5.7 | EPSS 0.00011
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2007-5699

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.00523
Exploits: 1 | References: 12

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-2537

Malware in sbrugna...

CVSS 9.6 | AI score 9.2 | EPSS 0.00431
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-45175

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.03455
Exploits: 0 | References: 2

OSV
added 2023/09/20 6:15 p.m. | 3 views

CVE-2023-40619

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the...

CVSS 9.8 | AI score 9.9 | EPSS 0.03455
Exploits: 0 | References: 2

Positive Technologies
added 2023/08/01 12:0 a.m. | 1 views

PT-2023-5455 · Unknown · Phppgadmin

Name of the Vulnerable Software and Affected Versions: phpPgAdmin versions 7.14.4 and earlier. Description: The issue is related to the unserialize function in the phpPgAdmin web tool for administering PostgreSQL databases, which is vulnerable due to shortcomings in the deserialization mechanism...

CVSS 9.8 | AI score 9.6 | EPSS 0.03455
Exploits: 0 | References: 23

SUSE CVE
added 2023/02/15 5:50 a.m. | 2 views

SUSE CVE-2011-3598

Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php...

CVSS 4.3 | AI score 6 | EPSS 0.00715
Exploits: 0 | References: 4

Snyk
added 2020/02/01 2:9 p.m. | 1 views

Cross-site Request Forgery (CSRF)

Overview: phppgadmin/phppgadmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies, and hosting services. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). Multiple areas within the application allow sensitive actions t...

CVSS 9.6 | AI score 7.4 | EPSS 0.00431
Exploits: 1 | References: 2

OSV
added 2014/05/14 12:55 a.m. | 1 views

CVE-2012-1600

Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function...

AI score 5.8
Exploits: 0 | References: 13

OSV
added 2008/12/16 7:7 p.m. | 2 views

CVE-2008-5587

Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter to index.php...

AI score 6.3
Exploits: 0 | References: 9

OSV
added 2005/07/13 4:0 a.m. | 1 views

CVE-2005-2256

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter...

AI score 6.5
Exploits: 0 | References: 8

Debian CVE
added 2005/07/13 4:0 a.m. | 14 views

CVE-2005-2256

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter...

CVSS 5 | AI score 6.5 | EPSS 0.12524
Exploits: 1

NVD
added 2001/06/27 4:0 a.m. | 7 views

CVE-2001-0479

Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script...

CVSS 7.5 | AI score 7.6 | EPSS 0.01729
Exploits: 0 | References: 3

Cvelist
added 2001/05/24 4:0 a.m. | 14 views

CVE-2001-0479

Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script...

AI score 7.6 | EPSS 0.01729
Exploits: 0 | References: 3