CVE-2024-3116 — Command Injection in Pgadmin 4

CWE-77 — Command Injection4 documents4 sources

Severity

9.8CRITICALNVD

CNA7.4

EPSS

90.7%

top 0.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pgadmin.org Pgadmin 4 Pgadmin 4 Fedoraproject Fedora

Timeline

PublishedApr 4

Description

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5pgadmin.org/pgadmin_4< 8.5

▶NVDpgadmin/pgadmin_48.4

Also affects: Fedora 39

🔴Vulnerability Details

CVEList

Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4↗2024-04-04

▶

GHSA

pgAdmin Remote Code Execution (RCE) vulnerability↗2024-04-04

▶

OSV

pgAdmin Remote Code Execution (RCE) vulnerability↗2024-04-04

▶