Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
pgAdmin 代码问题漏洞
Vulnerability Description
pgAdmin是一个用于开源数据库 PostgreSQL 的开源管理和开发平台。 pgAdmin 4 6.7之前版本存在安全漏洞,该漏洞源于软件无法对于用户上传的文件路径进行验证,导致路径遍历问题。经过授权的用户可以使用他们的跨站请求伪造令牌和会话身份验证标识构建HTTP请求利用该漏洞将文件上传到运行软件的操作系统中的用户账户有权写入的任意位置。
CVSS Information
N/A
Vulnerability Type
N/A