MEDIUM 6.8

GHSA-rm79-x4g6-hvg5

pgAdmin 4 has command injection vulnerability on Windows systems

Details

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.
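The difference between the risky and the hardened way of launching a backup tool with a user-supplied file path, as an added example; it is not pgAdmin's code. The tool name `backup_tool`, the function names and the sample path are assumptions made for the illustration, and a child Python process stands in for the real utility.

```python
import json
import subprocess
import sys

# Stand-in for the backup utility: a child Python process that reports the
# arguments it received. (Assumption: the real tool is not needed to show this.)
ECHO_ARGV = [sys.executable, "-c",
             "import json, sys; print(json.dumps(sys.argv[1:]))"]

# Constructed sample: a file name carrying a shell command separator.
SAMPLE_PATH = "backup.sql & echo INJECTED"


def unsafe_command_line(path):
    """Risky pattern: one string that a shell would parse (shell=True).

    Returned only for inspection, never executed here. The separator in the
    path becomes part of the command line the shell interprets.
    """
    return "backup_tool --file " + path


def run_backup_safely(path):
    """Hardened pattern: argument vector, no shell between caller and tool.

    With a list and shell=False the path is handed over as one argument,
    so shell metacharacters in it are never interpreted.
    """
    argv = ECHO_ARGV + ["--file", path]
    done = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True)
    return json.loads(done.stdout)


if __name__ == "__main__":
    print("string a shell would parse:", unsafe_command_line(SAMPLE_PATH))
    print("argv the tool received    :", run_backup_safely(SAMPLE_PATH))
```
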

Affected packages

PyPI / pgadmin4
First affected version: 0 Fixed version: 9.10
Fix: pip install --upgrade 'pgadmin4>=9.10'
