PT-2023-18595 · Pghero · Pghero
Seryun Ham · Published 2023-01-05 · Updated 2025-04-07 · CVE-2023-22626
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PgHero versions prior to 3.1.0
Description
The issue allows information disclosure via EXPLAIN, as query results may be present in an error message. Depending on database user privileges, this may disclose information from the database or from file contents on the database server.
Recommendations
For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the EXPLAIN feature to minimize the risk of information disclosure.
Weakness Enumeration
Generation of Error Message Containing Sensitive Information
Affected Products
Pghero