CVE-2023-5002

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-5002
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5002.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-5002
Aliases
Related
Published
2023-09-22T14:15:47Z
Modified
2025-03-17T19:50:12.672985Z
Downstream
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

References

Affected packages

Git / github.com/pgadmin-org/pgadmin4

Affected ranges

Type
GIT
Repo
https://github.com/pgadmin-org/pgadmin4
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3b616b2fb1cf0dc31933aec751aea8ec266e5bcc

Affected versions

Other

REL-1_0
REL-1_0-BETA1
REL-1_0-BETA2
REL-1_0-BETA3
REL-1_0-BETA4
REL-1_0-RC1
REL-1_1
REL-1_2
REL-1_3
REL-1_4
REL-1_5
REL-1_6
REL-2_0
REL-2_0-RC1
REL-2_0-RC2
REL-2_1
REL-3_0
REL-3_1
REL-3_2
REL-3_3
REL-3_4
REL-3_5
REL-3_6
REL-4_0
REL-4_1
REL-4_10
REL-4_11
REL-4_12
REL-4_13
REL-4_14
REL-4_15
REL-4_16
REL-4_17
REL-4_18
REL-4_19
REL-4_2
REL-4_20
REL-4_21
REL-4_22
REL-4_23
REL-4_24
REL-4_25
REL-4_26
REL-4_27
REL-4_28
REL-4_29
REL-4_3
REL-4_30
REL-4_4
REL-4_5
REL-4_6
REL-4_7
REL-4_8
REL-4_9
REL-5_0
REL-5_1
REL-5_2
REL-5_3
REL-5_4
REL-5_5
REL-5_6
REL-5_7
REL-6_0
REL-6_1
REL-6_10
REL-6_11
REL-6_12
REL-6_13
REL-6_14
REL-6_15
REL-6_16
REL-6_17
REL-6_18
REL-6_19
REL-6_2
REL-6_20
REL-6_21
REL-6_3
REL-6_4
REL-6_5
REL-6_6
REL-6_7
REL-6_8
REL-6_9
REL-7_0
REL-7_1
REL-7_2
REL-7_3
REL-7_4
REL-7_5
REL-7_6