CVE-2023-5002 Vulnerability Details

  /     /     /  

CVE-2023-5002 Metadata Quick Info

CVE Published: 22/09/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: fedora | Vendor: | Product:
Status : PUBLISHED

---

CVE-2023-5002 Description

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-78
CWE Name: Improper Neutralization of Special Elements used in an OS Command ( OS Command Injection )
Source:

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).