CVE-2023-40619
Published 2023-09-20
CVE-2023-40619: phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is…
Priority: P3 (56) · Severity: critical 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.10% (61.5th percentile)
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.
Affected
| Vendor | Product | Affected versions | Fixed in |
|---|---|---|---|
| debian | phppgadmin | < 7.14.7+dfsg-1 (forky) | 7.14.7+dfsg-1 (forky) |
| phppgadmin_project | phppgadmin | <= 7.14.4 | — |
| phppgadmin_project | phppgadmin | >= 0, < 7.14.7+dfsg-1 | 7.14.7+dfsg-1 |
Note: 7.14.7+dfsg-1 is a Debian package version string (the +dfsg suffix marks a repacked upstream tarball), not an upstream phpPgAdmin release tag. The only upstream-defined range is the <= 7.14.4 entry; for non-Debian installs, compare against the upstream version number, not the Debian string.
Detection & IOCs (extracted from sources)
- Monitor POST requests to tables.php that carry the ma[] parameter: its values are passed straight to PHP unserialize() and may contain a malicious serialized payload.
- Inspect the URL-decoded POST body for PHP serialization syntax in ma[] values sent to phpPgAdmin endpoints. Values beginning with 'O:' or 'C:' describe objects, which is what a gadget chain needs to instantiate a class; 'a:', 's:', 'i:' and similar tags describe plain values that legitimate serialized requests may also carry, so treat those as a weaker signal. Decode the body before matching, since the braces, quotes and colons are normally percent-encoded on the wire.
- The deserialization flaw exists in multiple places beyond tables.php; the ma[] parameter is cited only as one example, so additional endpoints should be audited and monitored.
- Only phpPgAdmin 7.14.4 and earlier are vulnerable; on Debian the fix ships in 7.14.7+dfsg-1. Verify the installed version before deploying detections.
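As an added example, not code from phpPgAdmin or from any of the sources above, the following Python applies the two detection checks in the list above to constructed POST bodies. Rather than grepping for an 'O:' substring, it parses PHP's serialize() format and records every class name that unserialize() would instantiate, so a string that merely contains 'O:' is not flagged while nested and custom-serialized (C:) objects are, and data that unserialize() would reject is reported separately. The request bodies are constructed for this example; the shape of the benign ma[] value (a serialized array with a "table" key) and the class name "Example" are assumptions, not taken from the project.

```python
"""Flag phpPgAdmin POST bodies whose ma[] values would make unserialize()
instantiate objects.  Added example; not phpPgAdmin or advisory code."""
from urllib.parse import parse_qs, urlencode


class PhpUnserializer:
    """Minimal parser for PHP's serialize() format. Builds plain Python
    values and, instead of instantiating objects, records every class name
    a real unserialize() call would construct (the O: and C: tags)."""

    def __init__(self, data: str):
        self.data = data
        self.pos = 0
        self.classes = []  # class names in the order unserialize() meets them

    def parse(self):
        value = self._value()
        if self.pos != len(self.data):
            raise ValueError("trailing data after serialized value")
        return value

    def _take(self, literal: str):
        if not self.data.startswith(literal, self.pos):
            raise ValueError(f"expected {literal!r} at offset {self.pos}")
        self.pos += len(literal)

    def _int_until(self, stop: str) -> int:
        end = self.data.index(stop, self.pos)
        n = int(self.data[self.pos:end])
        self.pos = end + len(stop)
        return n

    def _quoted(self, length: int) -> str:
        # PHP lengths are byte counts; the body is decoded as latin-1 by the
        # caller so that one character here equals one byte.
        self._take('"')
        s = self.data[self.pos:self.pos + length]
        self.pos += length
        self._take('"')
        return s

    def _pairs(self, count: int) -> dict:
        self._take("{")
        out = {}
        for _ in range(count):
            key = self._value()
            out[key] = self._value()
        self._take("}")
        return out

    def _value(self):
        tag = self.data[self.pos:self.pos + 1]
        self.pos += 1
        if tag == "N":                                   # N;
            self._take(";")
            return None
        self._take(":")
        if tag == "i":                                   # i:42;
            return self._int_until(";")
        if tag == "b":                                   # b:1;
            return self._int_until(";") == 1
        if tag == "d":                                   # d:1.5;
            end = self.data.index(";", self.pos)
            val = float(self.data[self.pos:end])
            self.pos = end + 1
            return val
        if tag == "s":                                   # s:3:"foo";
            val = self._quoted(self._int_until(":"))
            self._take(";")
            return val
        if tag == "a":                                   # a:1:{key;value;}
            return self._pairs(self._int_until(":"))
        if tag == "O":                                   # O:8:"stdClass":1:{...}
            name = self._quoted(self._int_until(":"))
            self._take(":")
            self.classes.append(name)
            return ("object", name, self._pairs(self._int_until(":")))
        if tag == "C":                                   # C:3:"Foo":5:{abcde}
            name = self._quoted(self._int_until(":"))
            self._take(":")
            self.classes.append(name)
            length = self._int_until(":")
            self._take("{")
            blob = self.data[self.pos:self.pos + length]
            self.pos += length
            self._take("}")
            return ("object", name, blob)
        raise ValueError(f"unknown type tag {tag!r} at offset {self.pos - 1}")


def classes_in_ma(body: str) -> list:
    """Classes unserialize() would instantiate across all ma[] values of a
    URL-encoded POST body. [] means benign or no ma[]; "<malformed>" marks a
    value unserialize() would reject, still worth logging as probing."""
    params = parse_qs(body, keep_blank_values=True, encoding="latin-1")
    found = []
    for value in params.get("ma[]", []):
        parser = PhpUnserializer(value)
        try:
            parser.parse()
        except (ValueError, TypeError):
            found.append("<malformed>")
            continue
        found.extend(parser.classes)
    return found


# Constructed request bodies, not captured traffic. The benign shape (array
# with a "table" key) and the class name "Example" are assumptions.
BENIGN_BODY = urlencode([("action", "multiactions"),
                         ("ma[]", 'a:1:{s:5:"table";s:5:"users";}')])
OBJECT_BODY = urlencode([("action", "multiactions"),
                         ("ma[]", 'O:8:"stdClass":1:{s:4:"data";O:7:"Example":0:{}}')])
# "O:" inside a string value: a substring grep flags it, the parser does not.
TRICKY_BODY = urlencode([("ma[]", 'a:1:{s:5:"table";s:10:"log_O:4:xx";}')])
MALFORMED_BODY = urlencode([("ma[]", 'O:8:"stdClass":1:{')])

if __name__ == "__main__":
    for label, body in [("benign", BENIGN_BODY), ("object", OBJECT_BODY),
                        ("tricky", TRICKY_BODY), ("malformed", MALFORMED_BODY)]:
        print(f"{label:10} -> {classes_in_ma(body)}")
```

In practice the bodies come from a proxy, WAF or access log that retains POST data, and a non-empty result is the alert condition. A class name in the result does not by itself prove a working exploit; it proves that untrusted input selects which class unserialize() constructs, which is exactly the condition CWE-502 describes, and a table multi-action request has no legitimate reason to carry one (verify that assumption against your own traffic before tuning). On the remediation side, PHP's unserialize() has accepted an allowed_classes option since 7.0, and passing false refuses every object; whether the upstream fix used that mechanism is not stated by the sources on this page, so rely on the version ranges above for patch status.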
CVSS provenance
- nvd (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- osv: 9.8 CRITICAL
- vendor_debian: 9.8 CRITICAL
OSV
CVE-2023-40619: phpPgAdmin 7
osv · 2023-09-20 · CVSS 9.8 · CRITICAL
GHSA
GHSA-r8pf-p598-jhpm: phpPgAdmin 7
ghsa_unreviewed · 2023-09-20 · CRITICAL · CWE-502
Debian
CVE-2023-40619: phppgadmin - phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data...
vendor_debian · 2023 · CVSS 9.8 · CRITICAL
Scope: local
forky: resolved (fixed in 7.14.7+dfsg-1)
sid: resolved (fixed in 7.14.7+dfsg-1)
trixie: resolved (fixed in 7.14.7+dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-09-20