SQL Injection Vulnerability in phpPgAdmin by phpPgAdmin Project
CVE-2025-60797

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 20 November 2025

What is CVE-2025-60797?

phpPgAdmin versions 7.13.0 and earlier contain a vulnerability in dataexport.php that permits SQL injection via the $_REQUEST['query'] parameter. The application executes the user-supplied SQL query directly without proper sanitization or parameterization. This flaw allows an authenticated attacker to craft malicious SQL queries, which can result in unauthorized data retrieval, data modification, or privilege escalation, leading to a potential compromise of the entire database.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
