Filtered by vendor Pgadmin
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3116 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin | 2025-02-13 | 7.4 High |
| pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data. | ||||
| CVE-2025-0218 | 1 Pgadmin | 1 Pgagent | 2025-02-11 | 5.5 Medium |
| When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks. | ||||
| CVE-2023-5002 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin | 2024-11-21 | 6 Medium |
| A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. | ||||
| CVE-2023-22298 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | ||||
Page 1 of 1.