CVE-2024-4215SQL Injection in Pgadmin 4

CWE-89SQL Injection4 documents4 sources
Severity
8.8HIGHNVD
CNA7.4
EPSS
0.0%
top 91.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Pgadmin.org Pgadmin 4Pgadmin 4Fedoraproject Fedora
Timeline
PublishedMay 2

Description

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5pgadmin.org/pgadmin_4< 8.6

Also affects: Fedora 40

🔴Vulnerability Details

3
GHSA
pgAdmin is affected by a multi-factor authentication bypass vulnerability2024-05-02
CVEList
The Multi Factor Authentication bypass vulnerability in pgAdmin 42024-05-02
OSV
pgAdmin is affected by a multi-factor authentication bypass vulnerability2024-05-02
CVE-2024-4215 — SQL Injection in Pgadmin.org Pgadmin 4 | cvebase