CVE-2022-0959
published 2022-03-16


Priority: P3 | 36 | medium | 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EPSS: 0.93% (56.1th percentile)
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pgadmin | pgadmin_4 | < 6.7 | 6.7 |
| pgadmin | pgadmin_4 | | |

CVSS provenance

nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N