Lucene search
PRIOn knowledge basePRION:CVE-2022-4223HistoryDec 13, 2022 - 4:15 p.m.
Path traversal
2022-12-1316:15:00
PRIOn knowledge base
www.prio-n.com
4
pgadmin
http api
path traversal
vulnerability
postgresql
security
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.
Related
cvelist
cvelist
CVE-2022-4223
2022-12-13 00:00:00
openvas
openvas
Fedora: Security Advisory for pgadmin4 (FEDORA-2022-2d5a6f48e1)
2022-12-18 00:00:00
github
github
pgadmin4 vulnerable to Code Injection
2022-12-13 18:30:34
redhatcve
redhatcve
CVE-2022-4223
2022-12-07 05:31:12
cve
cve
CVE-2022-4223
2022-12-13 16:15:26
cnvd
cnvd
pgAdmin 4 remote code execution vulnerability
2022-12-08 00:00:00
osv
osv
CVE-2022-4223
2022-12-13 16:15:26
pgadmin4 vulnerable to Code Injection
2022-12-13 18:30:34
veracode
veracode
Remote Code Execution (RCE)
2022-12-14 02:27:04
nvd
nvd
CVE-2022-4223
2022-12-13 16:15:26
fedora
fedora
[SECURITY] Fedora 37 Update: pgadmin4-6.17-2.fc37
2022-12-18 01:41:35
wallarmlab
wallarmlab
Q4-2022 API ThreatStatsโข Report
2023-02-22 16:02:55