cbcvebase.
CVE-2023-5002
published 2023-09-22

CVE-2023-5002: A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as…

PriorityP260high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.47%
70.5th percentile
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

Affected

3 ranges
VendorProductVersion rangeFixed in
fedoraprojectfedora
fedoraprojectfedora
pgadminpgadmin_4< 7.77.7
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.