PT-2023-18595 · Pghero · Pghero

Seryun Ham · Published 2023-01-05 · Updated 2025-04-07 · CVE-2023-22626

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

PgHero versions prior to 3.1.0

Description

The issue allows information disclosure via EXPLAIN, as query results may be present in an error message. Depending on database user privileges, this may disclose information from the database or from file contents on the database server.

Recommendations

For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the EXPLAIN feature to minimize the risk of information disclosure.

Exploit

Fix

Generation of Error Message Containing Sensitive Information


Weakness Enumeration

Related identifiers

CVE-2023-22626
GHSA-VF99-XW26-86G5

Affected products

Pghero