SQL Injection Vulnerability in phpPgAdmin by phpPgAdmin
CVE-2025-60798

Currently unrated

Key Information:

Vendor: phpPgAdmin

CVE Published: 20 November 2025

What is CVE-2025-60798?

phpPgAdmin versions 7.13.0 and prior are vulnerable to SQL injection through unvalidated user input in display.php. The application uses the user-controlled $_REQUEST['query'] value directly in the browseQuery function, so authenticated attackers can manipulate the SQL queries it executes. This flaw can lead to unauthorized access to and manipulation of database contents, putting the integrity and confidentiality of sensitive data at risk.
