pgAdmin versions 8.4 and earlier are affected by a remote reverse connection execution vulnerability via the binary path validation API.
263e864f594c394a102efec26ea63661ce2ce5e3573fde482860fbce55467c71
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
518f56e4049ab1c116b1d55d1a7662e998277cad57c401bcecbaa7035abe00a8
pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.
63ed0fcb6853adbac916564a39cabd9a37b97dc0119ebfdac97ec042356d36e4
pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target application. This exploit supports two techniques by which the payload can be loaded, depending on whether or not credentials are specified. If valid credentials are provided, Metasploit will login to pgAdmin and upload a payload object using pgAdmin's file management plugin. Once uploaded, this payload is executed via the path traversal before being deleted using the file management plugin. This technique works for both Linux and Windows targets. If no credentials are provided, Metasploit will start an SMB server and attempt to trigger loading the payload via a UNC path. This technique only works for Windows targets. For Windows 10 v1709 (Redstone 3) and later, it also requires that insecure outbound guest access be enabled. Tested on pgAdmin 8.3 on Linux, 7.7 on Linux, 7.0 on Linux, and 8.3 on Windows. The file management plugin underwent changes in the 6.x versions and therefore, pgAdmin versions below 7.0 cannot utilize the authenticated technique whereby a payload is uploaded.
841d670fe90193388942d1169f9624f5fb5ef8dcf21530ef2dc60444dccc5377
phpPgAdmin version 7.13.0 suffers from an authenticated command execution vulnerability.
7e78f9012afe8414513c0b1d8cda135dd917f81860ee7962efb2f5a64e3b0be3
Secunia Security Advisory - SUSE has issued an update for phpPgAdmin. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
ca21619d87fe821a4d5c90fe44505795af13875ccc587e6cdc2aaaf4a4576c4f
Secunia Security Advisory - A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious users to conduct script insertion attacks.
47b473c1c3ce6bc87b02c9e9163ddaf131a1121e676dee731a261561f067689e
Secunia Security Advisory - Multiple vulnerabilities have been reported in phpPgAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
f63246fb2f9318dd12c8628e42130b28db67b38b714d199468a4d65502427c4d
Secunia Security Advisory - Fedora has issued an update for phpPgAdmin. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.
3010d386442260c78af719dd92661211bcc098eae74fb206893c07bd1d042dca
Debian Security Advisory 1693-2 - The security update for phpPgAdmin in DSA-1693-1 caused a regression in modifying table fields. This updates corrects that flaw.
062ebd9f3ac3214ae5f72ee6b947ca0a7dbc1ad3944e42915968c3a3d4ce7944
Debian Security Advisory 1693-1 - Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web.
7d4f2198b5b04336d494d708cff47fc1fd3d46e9591ef0094b8021d14bf4c822
Secunia Security Advisory - Debian has issued an update for phppgadmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
749a36cbbbb554d7230d29b4ca5ad6495291e4b43303799521e30f8e25f5fd03
Secunia Security Advisory - Fedora has issued an update for phpPgAdmin. This fixes a vulnerability, which can be exploited by malicious people to disclose sensitive information.
a8313434f3549a78f2644e0422d34fc2ab53ac2cae14e5f85877e846e29cd349
phpPgAdmin versions 4.2.1 and below suffer from a local file inclusion vulnerability.
74707b950a3dc8ac1cbaa4e9b99cf6088d118b5733189d0bee1f14b9d4e462f3
Secunia Security Advisory - Dun has discovered a vulnerability in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information.
21ed3e82010e0bd995b142ab5fe52d0d7e9cb9060adb59bda9f09c688adf6623
phpPgAdmin versions 3.5 through 4.1.1 suffer from a cross site scripting vulnerability.
334636e8778c537c3d118de55e527517fd58cbc68e558f0146f81176e313ef1e
phpPgAdmin version 4.1.1 suffers from a cross site scripting vulnerability.
334636e8778c537c3d118de55e527517fd58cbc68e558f0146f81176e313ef1e
phpPgAdmin version 4.1.1 suffers from remote file inclusion and URL redirection vulnerabilities.
9249ffdd713f12814bd4e045058dcb068320591e4c583aedcaadcb0d3c5f11b7
Debian Security Advisory DSA 759-1 - A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that magic_quotes_gpc is disabled.
05b60eba171cd771fa884cd9ab159a07c205fee5abad17966e32f2c57eee59f6
Secunia Security Advisory - A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information.
eb619c5b21357c005e65660ed43094ac425949ca3e192df3786579103421a131