Remote code execution by an authenticated user
CVE-2023-5002

6MEDIUM

Key Information:

Status
Vendor: CVE Published:; 22 September 2023

What is CVE-2023-5002?

A security flaw in pgAdmin allows authenticated users to exploit the server HTTP API to execute arbitrary commands. This vulnerability arises from improper path validation for external PostgreSQL utilities such as pg_dump and pg_restore. As a result, versions of pgAdmin prior to 7.6 are susceptible to unauthorized command execution on the server, posing significant security risks for database integrity and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugzilla.redhat.com/show_bug.cgi?id=2239164

issue-trackingx_refsource_REDHAT

https://github.com/pgadmin-org/pgadmin4/issues/6763

https://lists.fedoraproject.org/archives/list/package-ann...

EPSS Score

23% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2023
Vulnerability Reserved
Sep 15, 2023

JSON

What is CVE-2023-5002?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.