SQL Injection Vulnerability in phpPgAdmin by phpPgAdmin Project
CVE-2025-60797
Currently unrated
What is CVE-2025-60797?
phpPgAdmin versions 7.13.0 and earlier contain a vulnerability in dataexport.php that permits SQL injection via the $_REQUEST['query'] parameter. The application executes the user-supplied SQL query directly without proper sanitization or parameterization. This flaw allows an authenticated attacker to craft malicious SQL queries, which can result in unauthorized data retrieval, data modification, or privilege escalation, leading to a potential compromise of the entire database.
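One way to triage exposure to the behaviour described above, added here as an example and not taken from phpPgAdmin or the advisory: scan web-server access logs for requests to dataexport.php that carry a `query` parameter in the URL, and flag statements that are not a single plain SELECT. The Combined Log Format, the `/phppgadmin/` path prefix, the keyword list and the sample lines are assumptions; values sent in a POST body or cookie also reach $_REQUEST but do not appear in access logs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Keywords that change data, schema or privileges (triage heuristic, not a SQL parser).
WRITE_RE = re.compile(
    r'\b(insert|update|delete|drop|alter|create|grant|revoke|truncate|copy)\b', re.I)

def classify(sql):
    """Return the reasons a statement deserves review; empty list for a single plain SELECT."""
    reasons = []
    body = sql.strip().rstrip(';')
    if ';' in body:  # may also fire on a ';' inside a string literal
        reasons.append('stacked statements')
    if WRITE_RE.search(body):
        reasons.append('write/DDL/privilege keyword')
    if not re.match(r'(select|with)\b', body, re.I):
        reasons.append('does not start with SELECT')
    return reasons

def scan(lines):
    """Yield (ip, time, status, sql, reasons) for each dataexport.php hit carrying `query`."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, when, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith('/dataexport.php'):
            continue
        for sql in parse_qs(url.query).get('query', []):
            yield ip, when, int(status), sql, classify(sql)

# Constructed sample lines (documentation addresses), not taken from a real server.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /phppgadmin/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /phppgadmin/dataexport.php?query=SELECT+id+FROM+orders HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2025:10:01:00 +0000] "GET /phppgadmin/dataexport.php?query=UPDATE+orders+SET+paid%3Dtrue HTTP/1.1" 200 64',
]

if __name__ == '__main__':
    for ip, when, status, sql, reasons in scan(SAMPLE):
        print(f"{when} {ip} {status} {'REVIEW' if reasons else 'info'} {reasons} {sql!r}")
```

Every hit on dataexport.php with a `query` value is reported so it can be matched against the authenticated session; only those with a non-empty reason list are marked for review.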
