Lucene search
RedhatCVELIST:CVE-2022-4223HistoryDec 13, 2022 - 12:00 a.m.
CVE-2022-4223
2022-12-1300:00:00
CWE-94
redhat
www.cve.org
pgadmin
http api
insecure
unauthenticated
executables
postgresql
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.
CNA Affected
[
{
"vendor": "n/a",
"product": "pgadmin4",
"versions": [
{
"version": "pgadmin4 6.17",
"status": "affected"
}
]
}
]Related
openvas
openvas
Fedora: Security Advisory for pgadmin4 (FEDORA-2022-2d5a6f48e1)
2022-12-18 00:00:00
github
github
pgadmin4 vulnerable to Code Injection
2022-12-13 18:30:34
redhatcve
redhatcve
CVE-2022-4223
2022-12-07 05:31:12
cve
cve
CVE-2022-4223
2022-12-13 16:15:26
osv
osv
CVE-2022-4223
2022-12-13 16:15:26
pgadmin4 vulnerable to Code Injection
2022-12-13 18:30:34
prion
prion
Path traversal
2022-12-13 16:15:00
cnvd
cnvd
pgAdmin 4 remote code execution vulnerability
2022-12-08 00:00:00
nvd
nvd
CVE-2022-4223
2022-12-13 16:15:26
veracode
veracode
Remote Code Execution (RCE)
2022-12-14 02:27:04
fedora
fedora
[SECURITY] Fedora 37 Update: pgadmin4-6.17-2.fc37
2022-12-18 01:41:35
wallarmlab
wallarmlab
Q4-2022 API ThreatStatsโข Report
2023-02-22 16:02:55