SQL Injection Vulnerability in phpPgAdmin by phpPgAdmin
CVE-2025-60798

6.5MEDIUM

Key Information:

Vendor

phpPgAdmin

Status
phpPgAdmin
Vendor
CVE Published:
20 November 2025

What is CVE-2025-60798?

A vulnerability in phpPgAdmin versions 7.13.0 and prior allows for SQL injection through unvalidated user input in display.php. The application directly uses the input from the user-controlled $_REQUEST['query'] in the browseQuery function, posing a risk where authenticated attackers can manipulate SQL queries. This flaw can lead to unauthorized access and manipulation of database contents, which may endanger sensitive data integrity and confidentiality.

References

https://github.com/phppgadmin/phppgadmin/blob/master/disp...
https://github.com/pr0wl1ng/security-advisories/blob/main...
https://github.com/pr0wl1ng/security-advisories/blob/main...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.