8.8
CVE-2023-5002
- EPSS 17.33%
- Published 22.09.2023 14:15:47
- Last modified 17.03.2025 16:43:52
- Source patrick@puiterwijk.org
- Teams watchlist Login
- Open Login
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version37
Fedoraproject ≫ Fedora Version38
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 17.33% | 0.948 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| patrick@puiterwijk.org | 6 | 0.5 | 5.5 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.