292 matches found
CVE-2025-60798
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...
CVE-2025-60799
phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...
CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated...
CVE-2025-60796
phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...
PT-2025-47583
Name of the Vulnerable Software and Affected Versions: phpPgAdmin versions 7.13.0 and earlier. Description: phpPgAdmin versions 7.13.0 and earlier contain a SQL injection issue in the display.php file at line 396. The application directly uses user-provided input from the query parameter in the $...
PT-2025-47582
Name of the Vulnerable Software and Affected Versions: phpPgAdmin versions 7.13.0 and earlier. Description: phpPgAdmin versions 7.13.0 and earlier contain a SQL injection issue in the dataexport.php file at line 118. The application directly executes user-supplied SQL queries from the $ REQUEST'quer...
EUVD-2012-1614
Malware in sbrugna...
EUVD-2007-2857
Malware in sbrugna...
EUVD-2019-2537
Malware in sbrugna...
EUVD-2007-5699
Malware in sbrugna...
EUVD-2001-0475
Malware in sbrugna...
EUVD-2011-3557
Malware in sbrugna...
EUVD-2008-5562
Malware in sbrugna...
EUVD-2023-45175
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-10784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area,...
Linux Distros Unpatched Vulnerability : CVE-2023-40619
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directl...
OPENSUSE-SU-2024:13400-1 phpPgAdmin-7.14.6-1.1 on GA media
These are all security issues fixed in the phpPgAdmin-7.14.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12194-1 phpPgAdmin-7.13.0-2.1 on GA media
These are all security issues fixed in the phpPgAdmin-7.13.0-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10035-1 phpPgAdmin-5.1-5.1 on GA media
These are all security issues fixed in the phpPgAdmin-5.1-5.1 package on the GA media of openSUSE Tumbleweed...
Deserialization Of Untrusted Data
phpPgAdmin is vulnerable to a deserialization flaw in untrusted data, potentially leading to remote code execution. The vulnerability is due to user-controlled data being directly passed to the PHP 'unserialize' function in multiple instances. For example, the 'ma' POST parameter in the...