Filtered by vendor Pgadmin Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5002 2 Fedoraproject, Pgadmin 2 Fedora, Pgadmin 2024-11-21 6 Medium
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.
CVE-2023-22298 2 Fedoraproject, Pgadmin 2 Fedora, Pgadmin 2024-11-21 6.1 Medium
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.