Vulnerability Information
Vulnerability Title
Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4
Vulnerability Description
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
pgAdmin Security Vulnerability
Vulnerability Description
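pgAdmin is an open-source administration and development platform for the open-source database PostgreSQL. pgAdmin 4 contains a security vulnerability that stems from not setting a trusted base path that must not be escaped.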
CVSS Information
N/A
Vulnerability Type
N/A