Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-ghp8-52vx-77j4: pgAdmin failed to properly control the server code

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

ghsa
#sql#git#perl#auth#postgres

pgAdmin failed to properly control the server code

Moderate severity GitHub Reviewed Published Sep 22, 2023 to the GitHub Advisory Database • Updated Sep 22, 2023

Related news

CVE-2023-5002: Remote command Execution by an Authenticated user in pgAdmin 4 · Issue #6763 · pgadmin-org/pgadmin4

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP