CVE-2025-60799

Name of the Vulnerable Software and Affected Versions phpPgAdmin versions 7.13.0 and earlier

Description The application does not properly validate or control access to user-controlled parameters ('subject','server','database','queryid') in sql.php at lines 68-76, allowing unauthorized manipulation of session variables. Attackers can exploit this to store arbitrary SQL queries in $ SESSION['sqlquery'], potentially leading to session poisoning or stored cross-site scripting.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.