69 matches found
CVE-2025-56556
An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool...
Authorization Bypass Through User-Controlled SQL Primary Key
Overview intelliants/subrion is an open source php content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled SQL Primary Key via the Run SQL Query process. An attacker can obtain unauthorized access to restricted data or functions ...
Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool
An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel — to gain escalated privileges in the context of the SQL query tool...
GHSA-H8WV-VV58-468H Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool
An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel — to gain escalated privileges in the context of the SQL query tool...
PT-2025-37256
Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1 Description: An issue was discovered that allows authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel to gain escalated privileges in the context...
CVE-2025-56556
An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool...
The vulnerability of the eval() function in Cloud Deployment modules and the Query Tool, a database management tool for pgAdmin 4, allows a hacker to execute arbitrary code.
The vulnerability of the eval function in the Cloud Deployment and Query Tool modules of the pgAdmin 4 database management tool is related to improper code generation during processing of endpoints like /sqleditor/querytool/download and /cloud/deploy, when the querycommited and highavailability...
ROS-20250424-12
A vulnerability in the eval function of the Cloud Deployment and Query Tool modules of the database management tool pgAdmin 4 is related to incorrect code generation control when processing endpoints /sqleditor/querytool/download and /cloud/deploy with querycommitted and highavailability...
📄 PgAdmin Query Tool Authenticated Remote Code Execution
This Metasploit module exploits a vulnerability in pgAdmin where an authenticated user can establish a connection to the query tool and send a specific payload in the querycommited POST parameter. This payload is directly executed via a Python eval statement, resulting in remote code execution in...
CVE-2025-2945
Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...
Cross-site Scripting (XSS)
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Cross-site Scripting XSS in the measureText function, accessible via the Query Tool interface. An attacker can inject malicious scripts into the displayed output. PoC sql CREATE TABLE IF NOT EXISTS EXAMPLE...
Remote Code Execution (RCE)
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Remote Code Execution RCE in the Cloud Deployment with Google Provider module, which is accessible via the highavailability parameter to the /deploy endpoint and in the Query Tool interface, which is...
GHSA-G73C-FW68-PWX3 pgAdmin 4 Vulnerable to Remote Code Execution
Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...
pgAdmin 4 Vulnerable to Remote Code Execution
Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...
CVE-2025-2945
Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...
CVE-2025-2945 pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...
CVE-2025-2945 pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...
CVE-2025-2945 pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...
CVE-2025-2945
CVE-2025-2945 affects pgAdmin 4 (versions 8.10–9.1). An authenticated user can trigger remote code execution by sending a crafted payload via the query_tool/download (query_commited) or cloud/deploy (high_availability) endpoints, which unsafe-pass data to Python eval(). Proofs of concept exist (a...
PT-2025-14613
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.2 Description The issue is a remote code execution security vulnerability in pgAdmin 4, affecting the Query Tool and Cloud Deployment modules. It is associated with two POST endpoints: "/sqleditor/query...