Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-4223: Code Injection in pgAdmin 4

Severity: 8.8 HIGH (NVD)
EPSS: 87.8% (top 0.52%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 13

Description

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appr

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: pgadmin/pgadmin_4 < 6.17

Also affects: Fedora 37

🔴 Vulnerability Details (3)

GHSA: pgadmin4 vulnerable to Code Injection (2022-12-13)
CVEList: CVE-2022-4223: The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_du (2022-12-13)
OSV: pgadmin4 vulnerable to Code Injection (2022-12-13)

💥 Exploits & PoCs (1)

Nuclei: pgAdmin < 6.17 - Unauthenticated Remote Code Execution

📋 Vendor Advisories (1)

Red Hat: pgadmin4: Unauthenticated remote code execution while validating the binary path (2022-12-02)
CVE-2022-4223 — Code Injection in Pgadmin 4 | cvebase