CVE-2024-3116

Published: 2024-04-04 15:15:39
Source: PostgreSQL
Reference: web.nvd.nist.gov
Tags: pgadmin, remote code execution, vulnerability, validate binary path api, arbitrary code, server security, database management system

CVSS3: 7.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

EPSS: 0.003 (percentile 65.8%)

pgAdmin <= 8.4 (every release before 8.5, per the CNA affected range below) is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. The vulnerability allows an attacker to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data. The CVSS vector (AV:N, PR:L, UI:N, S:C) indicates the attack is reachable over the network by an authenticated user with low privileges, needs no interaction from anyone else, and its impact extends beyond the pgAdmin application itself to the host.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Utility's Binary Path"
    ],
    "product": "pgAdmin 4",
    "programFiles": [
      "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/__init__.py"
    ],
    "repo": "https://github.com/pgadmin-org/pgadmin4",
    "vendor": "pgadmin.org",
    "versions": [
      {
        "lessThan": "8.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
