漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper validation or access control checks. Attackers can exploit this to store arbitrary SQL queries in $_SESSION['sqlquery'] by manipulating these parameters, potentially leading to session poisoning, stored cross-site scripting, or unauthorized access to sensitive session data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpPgAdmin 安全漏洞
Vulnerability Description
phpPgAdmin是phppgadmin开源的一个应用软件。用于 postgresql 的首要基于 Web 的管理工具。 phpPgAdmin 7.13.0及之前版本存在安全漏洞,该漏洞源于sql.php中未进行适当的验证或访问控制检查,可能导致会话投毒或存储型跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A