pgAdmin 4 · CVE-2026-7815
**Name of the Vulnerable Software and Affected Versions**
pgAdmin 4 versions prior to 9.15
**Description**
An SQL injection exists in the Maintenance Tool where four user-supplied JSON fields—`buffer usage limit`, `vacuum parallel`, `vacuum index cleanup`, and `reindex tablespace`—are concatenated directly into the rendered `VACUUM`, `ANALYZE`, or `REINDEX` command and passed to `psql --command`. An authenticated user with the "tools maintenance" permission can break out of the option syntax to execute arbitrary SQL on the connected PostgreSQL server. This can further lead to operating-system command execution on the database host by invoking the `COPY ... TO PROGRAM` command.
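The root cause described above is that free-form strings are rendered straight into the command text. The defensive pattern is to validate each of the four fields against the exact shape PostgreSQL accepts for that option (a size, a bounded integer, a fixed keyword, or a quoted identifier) and reject anything else before any SQL is built. The following is an added example written for this record, not pgAdmin's own code; the function names, the `params` keys (which mirror the four JSON fields named in the description), and the `schema`/`table` arguments are assumptions made for illustration.

```python
import re

# Constructed example, not pgAdmin's own code: validate the four maintenance
# options named in the advisory before rendering them into the command text,
# so that only a size, a small integer, a fixed keyword or a quoted identifier
# can ever reach the SQL string handed to psql.

_SIZE_RE = re.compile(r"\d+(kB|MB|GB|TB)?")
_INT_RE = re.compile(r"\d+")
_INDEX_CLEANUP = ("AUTO", "ON", "OFF")


def quote_ident(name: str) -> str:
    """Quote an identifier the way PostgreSQL's quote_ident() does: wrap it in
    double quotes and double any embedded double quote."""
    if not name or "\x00" in name:
        raise ValueError("identifier must be non-empty and contain no NUL")
    return '"' + name.replace('"', '""') + '"'


def buffer_usage_limit(value) -> str:
    """BUFFER_USAGE_LIMIT: a non-negative size such as 0, 128kB or 2MB."""
    text = str(value).strip()
    if not _SIZE_RE.fullmatch(text):
        raise ValueError(f"invalid buffer usage limit: {value!r}")
    return text


def vacuum_parallel(value) -> int:
    """PARALLEL: an integer worker count between 0 and 1024."""
    text = str(value).strip()
    if isinstance(value, bool) or not _INT_RE.fullmatch(text) or int(text) > 1024:
        raise ValueError(f"invalid vacuum parallel degree: {value!r}")
    return int(text)


def index_cleanup(value) -> str:
    """INDEX_CLEANUP: exactly one of the keywords AUTO, ON, OFF."""
    text = str(value).strip().upper()
    if text not in _INDEX_CLEANUP:
        raise ValueError(f"invalid vacuum index cleanup: {value!r}")
    return text


def render_maintenance(op: str, schema: str, table: str, params: dict) -> str:
    """Build a VACUUM, ANALYZE or REINDEX statement for schema.table from
    validated options. The keys of params mirror the JSON fields in the
    advisory; every value is checked before it is interpolated."""
    target = f"{quote_ident(schema)}.{quote_ident(table)}"
    opts = []
    if op in ("VACUUM", "ANALYZE"):
        if "buffer usage limit" in params:
            size = buffer_usage_limit(params["buffer usage limit"])
            opts.append(f"BUFFER_USAGE_LIMIT '{size}'")
        if op == "VACUUM":
            if "vacuum parallel" in params:
                opts.append(f"PARALLEL {vacuum_parallel(params['vacuum parallel'])}")
            if "vacuum index cleanup" in params:
                opts.append(f"INDEX_CLEANUP {index_cleanup(params['vacuum index cleanup'])}")
        return f"{op} ({', '.join(opts)}) {target}" if opts else f"{op} {target}"
    if op == "REINDEX":
        if "reindex tablespace" in params:
            opts.append(f"TABLESPACE {quote_ident(params['reindex tablespace'])}")
        return f"REINDEX ({', '.join(opts)}) TABLE {target}" if opts else f"REINDEX TABLE {target}"
    raise ValueError(f"unsupported maintenance operation: {op!r}")


if __name__ == "__main__":
    # Constructed sample request: every field is well-formed, so a statement is produced.
    print(render_maintenance("VACUUM", "public", "orders",
                             {"buffer usage limit": "2MB", "vacuum parallel": 4,
                              "vacuum index cleanup": "auto"}))
```

The point of the design is that each option has its own narrow validator and the renderer never touches the raw field: a value that is not a size, a bounded integer, or one of three keywords raises `ValueError` and no command is built, and identifiers are passed through `quote_ident` so they cannot terminate the option list. Validation of this kind belongs in the server-side handler, since the permission check alone does not constrain what an authorized user submits.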
**Recommendations**
Update to version 9.15 or later.