Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)
Vulnerability Description
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
pgAdmin 安全漏洞
Vulnerability Description
pgAdmin是pgAdmin开源的一个用于开源数据库 PostgreSQL 的开源管理和开发平台。 pgAdmin 9.11版本存在安全漏洞,该漏洞源于恢复限制可被绕过,可能导致命令执行。
CVSS Information
N/A
Vulnerability Type
N/A