Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command injection vulnerability allowing arbitrary command execution on Windows
Vulnerability Description
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
pgAdmin 安全漏洞
Vulnerability Description
pgAdmin是pgAdmin开源的一个用于开源数据库 PostgreSQL 的开源管理和开发平台。 pgAdmin 4 9.9及之前版本存在安全漏洞,该漏洞源于Windows系统上备份和恢复操作使用shell=True,可能导致命令注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A