Valerio Severini

#28444 of 53,633
9 CVSS total
Vulnerabilities · 1
PT-2026-3806
9.0
2020-11-07
Unknown · Phppgadmin · CVE-2021-47853
**Name of the Vulnerable Software and Affected Versions**

phpPgAdmin version 7.13.0

**Description**

An authenticated attacker can execute arbitrary system commands through SQL query manipulation. This is achieved by creating a custom table, uploading a malicious .txt file, and utilizing the `COPY FROM PROGRAM` command to execute operating system commands with the application's privileges.

**Recommendations**

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `COPY FROM PROGRAM` command. Avoid using SQL queries that involve file uploads or external program execution.