CVE-2022-0959
Description
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.524
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-0959 are affected in pgAdmin 4 6.6 | Windows |
| Vulnerabilities CVE-2022-0959 are fixed in Python-pgadmin4 6.7 | Windows |
| Vulnerabilities CVE-2022-0959 are fixed in Python-pgadmin4 for linux 6.7 | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-352510 | pgAdmin 4 (9.9) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234