pgAdmin Remote Code Execution Vulnerability
CVE-2024-3116
Key Information:
- Vendor: Pgadmin.org
- Status: Vendor
- CVE Published: 4 April 2024
What is CVE-2024-3116?
The pgAdmin Remote Code Execution Vulnerability, identified as CVE-2024-3116, affects pgAdmin <= 8.4, a widely used administrative tool for PostgreSQL databases. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data. The vulnerability is actively exploited, allowing attackers to upload and execute malicious code. The exploit notably affects Windows platforms due to their more permissive approach to executable file permissions. The issue was remediated by the development team through enhanced path validation to reject unauthorized binary paths, along with implementing a restriction on certain operations within server mode to prevent exploitation through forged utility paths. The patch was released on April 4, 2024.
Affected Version(s)
pgAdmin 4 0
News Articles
CVE-2024-3116 - Remote Code Execution Vulnerability in pgAdmin - PostgreSQL Tools (<=8.4): Detailed Analysis Report
EPSS Score
90% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- Exploit known to exist
- First article discovered by unSafe.sh
- Vulnerability published
