CVE-2022-0959: Unrestricted File Upload in pgAdmin 4

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.5% (top 33.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below

Timeline
Published: Mar 16, 2022
Latest update: Mar 17, 2022

Description

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
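The bug class the description refers to is a write whose destination is taken from the client without checking that it stays inside the intended upload directory. The following is an added example, not pgAdmin's code and not its actual fix: it places the naive pattern (join the client path onto the storage root and write) beside a canonicalise-then-contain check, and exercises both on constructed requests. The storage root, the request paths and the symlink are all constructed for the demonstration; nothing here names a real pgAdmin endpoint.

```python
"""Containment check for an authenticated file-upload handler (added example)."""
import os
import shutil
import tempfile


class UnsafePathError(ValueError):
    """Raised when a client-supplied path would land outside the storage root."""


def naive_target(storage_root: str, requested_path: str) -> str:
    # The vulnerable pattern: trust the client's path. '..' segments walk out of
    # storage_root, and an absolute requested_path makes os.path.join discard
    # storage_root entirely, so the write goes wherever the service account may.
    return os.path.normpath(os.path.join(storage_root, requested_path))


def resolve_upload_target(storage_root: str, requested_path: str) -> str:
    """Return the canonical absolute path for requested_path inside storage_root.

    Raises UnsafePathError if the write would escape the root via '..', an
    absolute path, a NUL byte, or a symlink inside the root pointing outside it.
    """
    if "\x00" in requested_path:
        raise UnsafePathError("NUL byte in requested path")
    root = os.path.realpath(storage_root)
    # realpath collapses '..' and follows symlinks in every existing component,
    # so the containment test sees where the write would really land.
    candidate = os.path.realpath(os.path.join(root, requested_path))
    # The root must be a strict prefix of the candidate. A plain startswith()
    # is wrong ('/srv/data' also prefixes '/srv/data2'); commonpath is not.
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise UnsafePathError(f"{requested_path!r} resolves outside storage root")
    return candidate


def lexically_inside(root: str, path: str) -> bool:
    """A string-only check, to show what a symlink slips past."""
    return os.path.commonpath([root, path]) == root


def run_demo() -> dict:
    """Run both handlers over constructed requests; returns a per-request summary."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="uploads-"))
    outside = os.path.realpath(tempfile.mkdtemp(prefix="outside-"))
    # Constructed requests: one benign, the rest attacker-shaped.
    requests = {
        "benign": "reports/q1.csv",
        "dotdot": "../../../etc/cron.d/evil",
        "absolute": "/etc/cron.d/evil",
        "nul": "evil.sh\x00.txt",
    }
    try:
        # A symlink inside the root that points outside it (constructed).
        os.symlink(outside, os.path.join(root, "shared"))
        requests["symlink"] = "shared/evil.sh"
    except OSError:
        pass  # platform without symlink support: skip that case

    results = {}
    try:
        for name, req in requests.items():
            naive = naive_target(root, req)
            try:
                resolve_upload_target(root, req)
                hardened = "accepted"
            except UnsafePathError:
                hardened = "rejected"
            results[name] = {
                "naive_writes_to": naive,
                "naive_inside_root": lexically_inside(root, naive),
                "hardened": hardened,
            }
    finally:
        shutil.rmtree(root, ignore_errors=True)
        shutil.rmtree(outside, ignore_errors=True)
    return results


if __name__ == "__main__":
    for name, r in run_demo().items():
        print(f"{name:8s} naive -> {r['naive_writes_to']}  hardened: {r['hardened']}")
```

The symlink case is why the check canonicalises with realpath before comparing: the naive path for it is lexically inside the root, so a string-prefix check would accept it, yet the write lands in the outside directory. Rejecting the NUL byte up front matters because lower layers written in C would truncate the name there.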

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6
(Network-reachable, low attack complexity, low privileges required, no user interaction, scope unchanged; impact is to integrity only, with no confidentiality or availability impact scored.)

Affected Packages (2 packages)

CVEList V5: pgadmin/pgadmin_4 (version listed: pgadmin 6.7)

Vulnerability Details (3 references)

OSV: pgAdmin 4 Path Traversal vulnerability (2022-03-17)
GHSA: pgAdmin 4 Path Traversal vulnerability (2022-03-17)
CVEList: CVE-2022-0959: A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload (2022-03-16)
Source: cvebase