MidnightBSD

Advisories for pgadmin

CVE-2023-1907

A vulnerability was found in pgAdmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H 1.3 6.0

Products Affected

Vendor Product Version
pgadmin pgadmin *

CVE-2023-22298

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.

Products Affected

Vendor Product Version
fedoraproject fedora 36
pgadmin pgadmin *

CVE-2023-5002

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
patrick@puiterwijk.org 6.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H 0.5 5.5

Products Affected

Vendor Product Version
fedoraproject fedora 37
pgadmin pgadmin *
fedoraproject fedora 38

CVE-2024-2044

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 4.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 1.2 3.4

Products Affected

Vendor Product Version
fedoraproject fedora 40
pgadmin pgadmin_4 *

CVE-2024-4215

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password to authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 3.1 3.7

Products Affected

Vendor Product Version
fedoraproject fedora 40
pgadmin pgadmin_4 *

CVE-2024-4216

pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious script at the client end.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 3.1 3.7

Products Affected

Vendor Product Version
fedoraproject fedora 40
pgadmin pgadmin_4 *

CVE-2024-6238

pgAdmin <= 8.8 has an installation directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 3.1 3.7

Products Affected

Vendor Product Version
pgadmin pgadmin_4 *

CVE-2024-9014

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
pgadmin pgadmin_4 *

CVE-2025-0218

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
pgadmin pgagent *

CVE-2025-12762

pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L 3.1 5.3

Products Affected

Vendor Product Version
pgadmin pgadmin_4 *

CVE-2025-12763

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
pgadmin pgadmin_4 *

CVE-2025-12764

pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data (DoS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
pgadmin pgadmin_4 *

CVE-2025-12765

pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism that allows bypassing TLS certificate verification.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
pgadmin pgadmin_4 *

CVE-2025-13780

pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L 3.1 5.3

Products Affected

Vendor Product Version
pgadmin pgadmin_4 *

CVE-2025-2945

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with two POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter is unsafely passed to the Python eval() function, and /cloud/deploy, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
pgadmin pgadmin_4 *

CVE-2025-2946

pgAdmin <= 9.1 is affected by a Cross-Site Scripting (XSS) security vulnerability. Attackers can execute arbitrary HTML/JavaScript in a user's browser through query result rendering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H 3.1 5.3

Products Affected

Vendor Product Version
pgadmin pgadmin_4 *

CVE-2025-9636

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 7.9 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L 1.3 6.0

Products Affected

Vendor Product Version
pgadmin pgadmin_4 *

CVE-2026-1707

pgAdmin version 9.11 is affected by a restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 3.1 3.7

Products Affected

Vendor Product Version
pgadmin pgadmin_4 9.11