Pgadmin

Pgadmin 4

35 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.22%
  • Veröffentlicht 11.05.2026 16:17:38
  • Zuletzt bearbeitet 26.05.2026 13:29:44

Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authent...

  • EPSS 1.44%
  • Veröffentlicht 11.05.2026 16:17:38
  • Zuletzt bearbeitet 26.05.2026 15:16:56

OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject ") TO PROGRAM 'cmd'" t...

  • EPSS 0.46%
  • Veröffentlicht 11.05.2026 16:17:37
  • Zuletzt bearbeitet 26.05.2026 13:43:36

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and...

Exploit
  • EPSS 0.16%
  • Veröffentlicht 11.05.2026 16:17:37
  • Zuletzt bearbeitet 26.05.2026 13:47:37

Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted o...

  • EPSS 0.46%
  • Veröffentlicht 11.05.2026 16:17:37
  • Zuletzt bearbeitet 26.05.2026 13:50:13

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An ...

  • EPSS 0.39%
  • Veröffentlicht 05.02.2026 17:30:05
  • Zuletzt bearbeitet 26.02.2026 22:20:45

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can...

  • EPSS 0.87%
  • Veröffentlicht 11.12.2025 18:30:47
  • Zuletzt bearbeitet 19.12.2025 19:51:13

pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands...

Medienbericht
  • EPSS 0.18%
  • Veröffentlicht 13.11.2025 13:15:45
  • Zuletzt bearbeitet 19.11.2025 21:18:09

pgAdmin <= 9.9  is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.

  • EPSS 0.36%
  • Veröffentlicht 13.11.2025 13:15:44
  • Zuletzt bearbeitet 19.11.2025 21:19:33

pgAdmin <= 9.9  is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data D...

Medienbericht
  • EPSS 0.75%
  • Veröffentlicht 13.11.2025 13:15:44
  • Zuletzt bearbeitet 01.12.2025 20:15:49

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providin...