Unknown · Phppgadmin · CVE-2021-47853
**Name of the Vulnerable Software and Affected Versions**
phpPgAdmin version 7.13.0
**Description**
An authenticated attacker can execute arbitrary system commands through SQL query manipulation. This is achieved by creating a custom table, uploading a malicious `.txt` file, and using the `COPY FROM PROGRAM` command to execute operating system commands with the application's privileges.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict access to the `COPY FROM PROGRAM` command.
Avoid using SQL queries that involve file uploads or external program execution.
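
One way to apply the `COPY FROM PROGRAM` workaround is to audit which database roles can run it and remove that right from the roles phpPgAdmin users log in with. The SQL below is an added example, not part of the original advisory or the phpPgAdmin project. It assumes PostgreSQL 11 or later, where the built-in `pg_execute_server_program` role exists, and `webadmin` is a hypothetical role name.

```sql
-- Audit: which roles may run COPY ... FROM PROGRAM on this server?
-- PostgreSQL allows it for superusers and, since version 11, for members
-- (direct or nested) of the built-in role pg_execute_server_program.
WITH RECURSIVE program_roles AS (
    -- Start at the built-in role itself.
    SELECT r.oid,
           r.rolname::text        AS rolname,
           ARRAY[r.rolname::text] AS granted_via
    FROM pg_roles r
    WHERE r.rolname = 'pg_execute_server_program'
  UNION ALL
    -- Walk down the membership graph: every member of a role already
    -- in the set also holds the privilege.
    SELECT m.oid,
           m.rolname::text,
           p.granted_via || m.rolname::text
    FROM program_roles p
    JOIN pg_auth_members am ON am.roleid = p.oid
    JOIN pg_roles m         ON m.oid = am.member
)
SELECT r.rolname,
       r.rolcanlogin,
       'superuser'  AS reason,
       NULL::text   AS granted_via
FROM pg_roles r
WHERE r.rolsuper
UNION ALL
SELECT p.rolname,
       r.rolcanlogin,
       'member of pg_execute_server_program',
       array_to_string(p.granted_via, ' -> ')
FROM program_roles p
JOIN pg_roles r ON r.oid = p.oid
WHERE p.rolname <> 'pg_execute_server_program'
ORDER BY rolcanlogin DESC, rolname;

-- Remediation for a role that phpPgAdmin users log in with.
-- "webadmin" is a hypothetical name; substitute the roles listed above.
REVOKE pg_execute_server_program FROM webadmin;
ALTER ROLE webadmin NOSUPERUSER;
```

Rows with `rolcanlogin = true` are the ones reachable through a phpPgAdmin login and should be reviewed first.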