2 matches found
CVE-2026-7816 pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
CVE-2026-7816
The CVE-2026-7816 entry describes an OS command injection in pgAdmin 4 Import/Export query export. User input was directly interpolated into a psql \copy metacommand template without sanitization, allowing an authenticated user to inject commands to break out of the \copy context and execute arbi...