CVE-2025-60798

CVE Database · CVE-2025-60798

CVE-2025-60798

· MEDIUMAnalyzed

CVSS v3.1

6.5

EPSS

0.24%

Published

Nov 20, 2025

Modified

Nov 25, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands through malicious query manipulation, potentially leading to complete database compromise.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-89

Affected Products (1)

phppgadmin_project · phppgadminvulnerable

References (3)

https://github.com/phppgadmin/phppgadmin/blob/master/display.php#L396

Product

https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60797.md

Not Applicable

https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60798.md

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs