📦 pgAdmin 4
by pgAdmin
⚠️ Known Vulnerabilities
pgAdmin versions up to 9.9 running in server mode are vulnerable to remote code execution when processing PLAIN-format database dump files during restore operations. Attackers can inject arbitrary com...
This CVE describes a critical remote code execution vulnerability in pgAdmin 4 where attacker-controlled input is passed to Python's eval() function. Attackers can execute arbitrary code on the pgAdmi...
pgAdmin versions 8.11 and earlier have an OAuth2 authentication vulnerability that could expose client IDs and secrets. This allows attackers to potentially gain unauthorized access to user data throu...
pgAdmin versions up to 8.3 contain a path traversal vulnerability in session handling that allows unsafe deserialization of pickle objects, leading to remote code execution. On Windows, unauthenticate...
pgAdmin 9.11 in server mode has a restore restriction bypass vulnerability that allows authenticated attackers to execute arbitrary commands on the host system during restore operations. Attackers can...
pgAdmin versions up to 9.9 have a vulnerability in LDAP authentication that allows attackers to bypass TLS certificate verification. This enables man-in-the-middle attacks where authentication traffic...
pgAdmin versions up to 9.9 have an LDAP injection vulnerability in the authentication flow that allows attackers to inject special LDAP characters in usernames. This can cause denial of service by mak...
pgAdmin versions up to 9.7 have a Cross-Origin Opener Policy vulnerability that allows attackers to manipulate OAuth authentication flows. This could lead to unauthorized account access, account takeo...
This vulnerability allows attackers who have stolen valid pgAdmin credentials to bypass multi-factor authentication (MFA) protections. Affected systems running pgAdmin 8.5 or earlier are vulnerable, e...
pgAdmin versions up to 8.4 contain a remote code execution vulnerability in the validate binary path API. Attackers can exploit this to execute arbitrary code on the server hosting pgAdmin, potentiall...
pgAdmin 4 on Windows systems contains a command injection vulnerability that allows attackers to execute arbitrary system commands through specially crafted file paths during backup/restore operations...
CVE-2023-0241 is a directory traversal vulnerability in pgAdmin 4 that allows authenticated users to access or modify files outside the intended directory. This affects all pgAdmin 4 users running ver...