CVE-2023-5002

CVE Database · CVE-2023-5002

CVE-2023-5002

· MEDIUMModified

CVSS v3.1

6.0

EPSS

1.47%

Published

Sep 22, 2023

Modified

Mar 17, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

Weaknesses (CWE)

CWE-78

Affected Products (3)

pgadmin · pgadmin_4 (up to 7.7)vulnerable

fedoraproject · fedoravulnerable

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=2239164

Issue TrackingThird Party Advisory

https://github.com/pgadmin-org/pgadmin4/issues/6763

Issue TrackingPatch