CVE-2023-5002

Name of the Vulnerable Software and Affected Versions pgAdmin versions prior to 7.7

Description The issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg dump and pg restore. This allows an authenticated user to run arbitrary commands on the server due to insufficient input validation. Approximately 5,294 results are affected, according to ZoomEyeDork.

Recommendations For pgAdmin versions prior to 7.7, update to version 7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the pgAdmin server HTTP API to minimize the risk of exploitation. Avoid using the API endpoint that validates the path to external PostgreSQL utilities until the issue is resolved.