PT-2024-2637 · Pgadmin+1
Ayout Mokhtar · Published 2024-04-04 · Updated 2025-09-29
CVE-2024-3116
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
pgAdmin versions 8.4 and earlier
Description
pgAdmin is susceptible to a Remote Code Execution (RCE) vulnerability caused by failing to restrict a path name to the intended directory (path traversal). Successful exploitation allows a remote attacker to execute arbitrary code on the server hosting pgAdmin, potentially compromising the database management system and its underlying data.
Recommendations
pgAdmin versions prior to 8.5 are affected.
Upgrade to version 8.5 or later to address this issue.
Exploit · Fix · RCE · Command Injection · Path traversal
Related Identifiers
Affected Products
Pgadmin
Red Os