Lucene search

292 matches found

OSV
added 2025/11/20 3:17 p.m. | 1 view

UBUNTU-CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated...

CVSS 6.5 | AI score 6.1 | EPSS 0.00233
Exploits 0 | References 4

OSV
added 2025/11/20 3:17 p.m. | 0 views

UBUNTU-CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

CVSS 6.5 | AI score 6.1 | EPSS 0.0025
Exploits 0 | References 5

CVE
added 2025/11/20 12:00 a.m. | 14 views

CVE-2025-60796

CVE-2025-60796 affects phpPgAdmin 7.13.0 and earlier, with multiple reflected XSS vulnerabilities across components (e.g., sequences.php, indexes.php, admin.php, and other files). User input from $_REQUEST is echoed into HTML without proper encoding or sanitization, enabling attackers to execute ...

CVSS 6.1 | AI score 6 | EPSS 0.00198
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2025/11/20 12:00 a.m. | 1 view

CVE-2025-60799

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...

AI score 6.7 | EPSS 0.00191
Exploits 0 | References 2

CVE
added 2025/11/20 12:00 a.m. | 9 views

CVE-2025-60799

The CVE-2025-60799 issue affects phpPgAdmin

CVSS 6.1 | AI score 6.7 | EPSS 0.00191
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/11/20 12:00 a.m. | 16 views

CVE-2025-60798

CVE-2025-60798 affects phpPgAdmin 7.13.0 and earlier. The vulnerability is a SQL injection in display.php (line 396) where user-controlled input from $_REQUEST['query'] is passed directly to browseQuery without sanitization. An authenticated attacker can manipulate the query to execute arbitrary ...

CVSS 6.5 | AI score 8 | EPSS 0.0025
Exploits 0 | References 3 | Affected Software 1

CVE
added 2025/11/20 12:00 a.m. | 16 views

CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection in dataexport.php (line 118) where user-supplied queries from $_REQUEST['query'] are executed directly, without sanitization or parameterization, via $data->conn->Execute($_REQUEST['query']). An authenticated attacker could run arbitrar...

CVSS 6.5 | AI score 7.9 | EPSS 0.00233
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2025/11/20 12:00 a.m. | 7 views

CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated...

EPSS 0.00233
Exploits 0 | References 2

CNNVD
added 2025/11/20 12:00 a.m. | 3 views

phpPgAdmin security vulnerability

phpPgAdmin is an open source, web-based administration tool for PostgreSQL. A security vulnerability exists in phpPgAdmin 7.13.0 and prior versions, which stems from a lack of proper authentication or access control checks in sql.php and could lead to session...

CVSS 6.1 | AI score 6.1 | EPSS 0.00191
Exploits 0 | References 3

CNNVD
added 2025/11/20 12:00 a.m. | 2 views

phpPgAdmin security vulnerability

phpPgAdmin is an open source, web-based administration tool for PostgreSQL. A security vulnerability exists in phpPgAdmin 7.13.0 and earlier versions, which stems from a failure to properly sanitize user input in display.php and could lead to a SQL injection...

CVSS 6.5 | AI score 7.2 | EPSS 0.0025
Exploits 0 | References 4

Cvelist
added 2025/11/20 12:00 a.m. | 7 views

CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

EPSS 0.0025
Exploits 0 | References 3

CNNVD
added 2025/11/20 12:00 a.m. | 4 views

phpPgAdmin security vulnerability

phpPgAdmin is an open source, web-based administration tool for PostgreSQL. A security vulnerability exists in phpPgAdmin 7.13.0 and earlier versions, which stems from the lack of sanitization or parameterization of user input in dataexport.php, which could lead t...

CVSS 6.5 | AI score 7.3 | EPSS 0.00233
Exploits 0 | References 3

Cvelist
added 2025/11/20 12:00 a.m. | 6 views

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

EPSS 0.00198
Exploits 0 | References 4

Vulnrichment
added 2025/11/20 12:00 a.m. | 1 view

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

AI score 6 | EPSS 0.00198
Exploits 0 | References 4

Vulnrichment
added 2025/11/20 12:00 a.m. | 3 views

CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated...

AI score 7.6 | EPSS 0.00233
Exploits 0 | References 2

CNNVD
added 2025/11/20 12:00 a.m. | 1 view

phpPgAdmin security vulnerability

phpPgAdmin is an open source, web-based administration tool for PostgreSQL. A security vulnerability exists in phpPgAdmin 7.13.0 and prior versions, which stems from multiple components that do not properly encode or sanitize user input, and could lead to a...

CVSS 6.1 | AI score 5.8 | EPSS 0.00198
Exploits 0 | References 5

Positive Technologies
added 2025/11/20 12:00 a.m. | 2 views

PT-2025-47584

Name of the Vulnerable Software and Affected Versions: phpPgAdmin versions 7.13.0 and earlier. Description: The application does not properly validate or control access to user-controlled parameters 'subject', 'server', 'database', 'queryid' in sql.php at lines 68-76, allowing unauthorized manipulation...

CVSS 6.1 | AI score 6.6 | EPSS 0.00191
Exploits 0 | References 7

Positive Technologies
added 2025/11/20 12:00 a.m. | 2 views

PT-2025-47581

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php,...

AI score 6.4 | EPSS 0.00198
Exploits 0 | References 5

Debian CVE
added 2025/11/20 12:00 a.m. | 5 views

CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

CVSS 6.5 | AI score 6.2 | EPSS 0.0025
Exploits 0

Debian CVE
added 2025/11/20 12:00 a.m. | 3 views

CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated...

CVSS 6.5 | AI score 6.2 | EPSS 0.00233
Exploits 0