Lucene search
+L

69 matches found

RedhatCVE
RedhatCVE
added 2025/09/13 12:31 a.m.8 views

CVE-2025-56556

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool...

6.5CVSS7.6AI score0.00187EPSS
Exploits1References1
Snyk
Snyk
added 2025/09/11 9:31 p.m.7 views

Authorization Bypass Through User-Controlled SQL Primary Key

Overview intelliants/subrion is an open source php content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled SQL Primary Key via the Run SQL Query process. An attacker can obtain unauthorized access to restricted data or functions ...

6.9CVSS7.1AI score0.00187EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/09/11 9:31 p.m.12 views

Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel — to gain escalated privileges in the context of the SQL query tool...

3.8CVSS7.3AI score0.00187EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/09/11 9:31 p.m.5 views

GHSA-H8WV-VV58-468H Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel — to gain escalated privileges in the context of the SQL query tool...

6.5CVSS7.2AI score0.00187EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.6 views

PT-2025-37256

Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1 Description: An issue was discovered that allows authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel to gain escalated privileges in the context...

6.5CVSS6.8AI score0.00187EPSS
Exploits1References6
OSV
OSV
added 2025/09/11 12:0 a.m.5 views

CVE-2025-56556

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool...

3.8CVSS7.6AI score0.00187EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2025/04/28 12:0 a.m.8 views

The vulnerability of the eval() function in Cloud Deployment modules and the Query Tool, a database management tool for pgAdmin 4, allows a hacker to execute arbitrary code.

The vulnerability of the eval function in the Cloud Deployment and Query Tool modules of the pgAdmin 4 database management tool is related to improper code generation during processing of endpoints like /sqleditor/querytool/download and /cloud/deploy, when the querycommited and highavailability...

9.9CVSS8.4AI score0.46222EPSS
Exploits8References8Affected Software2
Redos
Redos
added 2025/04/24 12:0 a.m.16 views

ROS-20250424-12

A vulnerability in the eval function of the Cloud Deployment and Query Tool modules of the database management tool pgAdmin 4 is related to incorrect code generation control when processing endpoints /sqleditor/querytool/download and /cloud/deploy with querycommitted and highavailability...

9.9CVSS7.5AI score0.46222EPSS
Exploits8
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.313 views

📄 PgAdmin Query Tool Authenticated Remote Code Execution

This Metasploit module exploits a vulnerability in pgAdmin where an authenticated user can establish a connection to the query tool and send a specific payload in the querycommited POST parameter. This payload is directly executed via a Python eval statement, resulting in remote code execution in...

9.9CVSS9.6AI score0.46222EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2025/04/05 12:37 p.m.30 views

CVE-2025-2945

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

9.9CVSS8.6AI score0.46222EPSS
Exploits8References4
Snyk
Snyk
added 2025/04/03 3:31 p.m.3 views

Cross-site Scripting (XSS)

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Cross-site Scripting XSS in the measureText function, accessible via the Query Tool interface. An attacker can inject malicious scripts into the displayed output. PoC sql CREATE TABLE IF NOT EXISTS EXAMPLE...

9.1CVSS5.3AI score0.00305EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/03 3:31 p.m.7 views

Remote Code Execution (RCE)

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Remote Code Execution RCE in the Cloud Deployment with Google Provider module, which is accessible via the highavailability parameter to the /deploy endpoint and in the Query Tool interface, which is...

9.9CVSS8AI score0.46222EPSS
Exploits8References2
OSV
OSV
added 2025/04/03 3:31 p.m.11 views

GHSA-G73C-FW68-PWX3 pgAdmin 4 Vulnerable to Remote Code Execution

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

9.9CVSS8.4AI score0.46222EPSS
Exploits8References4
Github Security Blog
Github Security Blog
added 2025/04/03 3:31 p.m.29 views

pgAdmin 4 Vulnerable to Remote Code Execution

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

9.9CVSS8.4AI score0.46222EPSS
Exploits8References4Affected Software1
NVD
NVD
added 2025/04/03 1:15 p.m.16 views

CVE-2025-2945

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

9.9CVSS0.46222EPSS
Exploits8References1
Vulnrichment
Vulnrichment
added 2025/04/03 12:23 p.m.55 views

CVE-2025-2945 pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

9.9CVSS8.4AI score0.46222EPSS
Exploits8References1
OSV
OSV
added 2025/04/03 12:23 p.m.86 views

CVE-2025-2945 pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

9.9CVSS7.7AI score0.46222EPSS
Exploits8References4
Cvelist
Cvelist
added 2025/04/03 12:23 p.m.42 views

CVE-2025-2945 pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

9.9CVSS0.46222EPSS
Exploits8References1
CVE
CVE
added 2025/04/03 12:23 p.m.303 views

CVE-2025-2945

CVE-2025-2945 affects pgAdmin 4 (versions 8.10–9.1). An authenticated user can trigger remote code execution by sending a crafted payload via the query_tool/download (query_commited) or cloud/deploy (high_availability) endpoints, which unsafe-pass data to Python eval(). Proofs of concept exist (a...

9.9CVSS8.4AI score0.46222EPSS
Exploits8References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/27 12:0 a.m.17 views

PT-2025-14613

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.2 Description The issue is a remote code execution security vulnerability in pgAdmin 4, affecting the Query Tool and Cloud Deployment modules. It is associated with two POST endpoints: "/sqleditor/query...

9.9CVSS10AI score0.46222EPSS
Exploits8References58
Rows per page
Query Builder