7 matches found
CVE-2019-10784
CVE-2019-10784 affects phpPgAdmin up to version 7.12.1. The issue is improper source validation in the application, notably in database.php, enabling CSRF abuse that could let a remote attacker trick an authenticated administrator into visiting a malicious page and execute arbitrary system com...
CVE-2023-40619
The CVE-2023-40619 issue affects phpPgAdmin 7.14.4 and earlier, where untrusted data is deserialized (e.g., the ma[] POST parameter in tables.php) via PHP unserialize(), enabling remote code execution. Confirmed impact is remote code execution with high severity (CVSS 3.1: CRITICAL). Remediation ...
CVE-2012-1600
Multiple cross-site scripting (XSS) vulnerabilities affect phpPgAdmin in the PHP file functions.php, exploitable before version 5.0.4 via the (1) name or (2) type of a function. The issue allows remote attackers to inject arbitrary web script or HTML. Affected product: phpPgAdmin; vulnerable comp...
CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection in dataexport.php (line 118) where user-supplied queries from $_REQUEST['query'] are executed directly, without sanitization or parameterization, via $data->conn->Execute($_REQUEST['query']). An authenticated attacker could run arbitrar...
CVE-2025-60798
CVE-2025-60798 affects phpPgAdmin 7.13.0 and earlier. The vulnerability is a SQL injection in display.php (line 396) where user-controlled input from $_REQUEST['query'] is passed directly to browseQuery without sanitization. An authenticated attacker can manipulate the query to execute arbitrary ...
CVE-2025-60796
CVE-2025-60796 affects phpPgAdmin 7.13.0 and earlier, with multiple reflected XSS vulnerabilities across components (e.g., sequences.php, indexes.php, admin.php, and other files). User input from $_REQUEST is echoed into HTML without proper encoding or sanitization, enabling attackers to execute ...
CVE-2025-60799
The CVE-2025-60799 issue affects phpPgAdmin