PT-2026-3806 · Unknown · Phppgadmin

Valerio Severini · Published 2020-11-07 · Updated 2026-01-23 · CVE-2021-47853

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

phpPgAdmin version 7.13.0

Description

An authenticated attacker can execute arbitrary system commands through SQL query manipulation. This is achieved by creating a custom table, uploading a malicious .txt file, and utilizing the COPY FROM PROGRAM command to execute operating system commands with the application's privileges.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the COPY FROM PROGRAM command. Avoid using SQL queries that involve file uploads or external program execution.
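
One way to apply the temporary workaround, shown as an added example that is not part of the original advisory: PostgreSQL allows COPY ... FROM PROGRAM only to superusers and to members of the built-in pg_execute_server_program role, so the audit below lists every role that holds either. It assumes PostgreSQL 11 or later; the role name phppgadmin_app is a hypothetical placeholder for the database login used through phpPgAdmin.

```sql
-- Audit: which roles are able to run COPY ... FROM PROGRAM?
-- Walks role membership recursively so that indirect grants
-- (role A is a member of role B, which is a member of
-- pg_execute_server_program) are reported as well.
WITH RECURSIVE grantees AS (
    -- direct members of the built-in role
    SELECT m.member
    FROM pg_auth_members m
    JOIN pg_roles g ON g.oid = m.roleid
    WHERE g.rolname = 'pg_execute_server_program'
  UNION
    -- members of any role already known to hold it
    SELECT m.member
    FROM pg_auth_members m
    JOIN grantees x ON m.roleid = x.member
)
SELECT r.rolname,
       r.rolcanlogin,
       CASE WHEN r.rolsuper THEN 'superuser'
            ELSE 'pg_execute_server_program member'
       END AS reason
FROM pg_roles r
WHERE r.rolsuper
   OR r.oid IN (SELECT member FROM grantees)
ORDER BY r.rolname;

-- Remediation for a login that should not have the capability.
-- phppgadmin_app is a hypothetical role name; substitute the
-- account that users of the web interface authenticate as.
-- If the audit shows the role only as an indirect member, revoke
-- the intermediate role membership instead.
REVOKE pg_execute_server_program FROM phppgadmin_app;
ALTER ROLE phppgadmin_app NOSUPERUSER;
```

After the change, the login used through phpPgAdmin should no longer appear in the audit result, and a COPY ... FROM PROGRAM statement issued under it is rejected with a permission error.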

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00981
CVE-2021-47853
GHSA-86GH-C8R8-XWHQ

Affected Products

Phppgadmin