7 matches found

CVE • added 2023/09/22 2:15 p.m. • 2551 views

CVE-2023-5002

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authentica...

CVSS 8.8 • AI score 7.2 • EPSS 0.17333

CVE • added 2023/03/27 9:15 p.m. • 141 views

CVE-2023-0241

pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.

CVSS 6.5 • AI score 6.2 • EPSS 0.00467

CVE • added 2022/12/13 4:15 p.m. • 122 views

CVE-2022-4223

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...

CVSS 8.8 • AI score 8.5 • EPSS 0.76881

CVE • added 2024/04/04 3:15 p.m. • 119 views

CVE-2024-3116

pgAdmin

CVSS 9.8 • AI score 9 • EPSS 0.90682

CVE • added 2022/03/16 3:15 p.m. • 105 views

CVE-2022-0959

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.

CVSS 6.5 • AI score 6.2 • EPSS 0.00496

CVE • added 2023/01/17 10:15 a.m. • 95 views

CVE-2023-22298

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.

CVSS 6.1 • AI score 6.1 • EPSS 0.00473

CVE • added 2025/04/03 1:15 p.m. • 69 views

CVE-2025-2946

pgAdmin

CVSS 9.1 • AI score 7.3 • EPSS 0.00037