Access Control Flaw in phpPgAdmin Affects User Session Security
CVE-2025-60799
Currently unrated
What is CVE-2025-60799?
phpPgAdmin versions 7.13.0 and earlier contain an access control vulnerability in the sql.php file. The script accepts user-controlled parameters, such as 'subject', 'server', 'database', and 'queryid', without adequate validation, which allows unauthorized manipulation of session variables. Attackers can exploit this weakness to inject arbitrary SQL queries into the session, potentially leading to session poisoning, stored cross-site scripting, or unauthorized access to sensitive data within user sessions.
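
A generic hardening pattern for the class of flaw described above, added here as an example; it is not phpPgAdmin's code or its fix. The session layout, the allowlist values, the server identifier format and all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of 'subject' values; not taken from phpPgAdmin.
const ALLOWED_SUBJECTS = ['server', 'database', 'schema', 'table'];

// Store a query under an id the server generates, never one the client supplies.
function store_query(array &$session, string $sql): string
{
    $id = bin2hex(random_bytes(16));
    $session['queries'][$id] = $sql;
    return $id;
}

// Validate the four parameters named in the advisory; throw on anything unexpected.
function load_query(array $session, array $request, array $servers): array
{
    foreach (['subject', 'server', 'database', 'queryid'] as $key) {
        if (!isset($request[$key]) || !is_string($request[$key])) {
            throw new InvalidArgumentException("$key missing or not a string");
        }
    }
    if (!in_array($request['subject'], ALLOWED_SUBJECTS, true)) {
        throw new InvalidArgumentException('subject not in allowlist');
    }
    if (!in_array($request['server'], $servers, true)) {
        throw new InvalidArgumentException('server is not configured');
    }
    // Assumption: database names are restricted to unquoted identifiers (max 63 bytes).
    if (preg_match('/\A[A-Za-z_][A-Za-z0-9_$]{0,62}\z/', $request['database']) !== 1) {
        throw new InvalidArgumentException('database is not a plain identifier');
    }
    $id = $request['queryid'];
    if (preg_match('/\A[0-9a-f]{32}\z/', $id) !== 1 || !isset($session['queries'][$id])) {
        throw new InvalidArgumentException('unknown queryid');
    }
    return ['database' => $request['database'], 'sql' => $session['queries'][$id]];
}

// Escape stored text at output time so a poisoned value cannot become stored XSS.
function render_query(string $sql): string
{
    return htmlspecialchars($sql, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data: plain arrays stand in for $_SESSION and $_GET.
$session = [];
$id = store_query($session, "SELECT '<b>x</b>'");
$req = ['subject' => 'database', 'server' => 'localhost:5432', 'database' => 'app', 'queryid' => $id];
echo render_query(load_query($session, $req, ['localhost:5432'])['sql']), PHP_EOL;
```

The request can only select a query that the server itself stored earlier, so a client-supplied 'queryid' never becomes a session key, and anything read back from the session is escaped before it reaches HTML.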
