CVE-2022-0959 in PostgreSQL and Pgadmin Products
Published on March 16, 2022

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.

NVD

Weakness Type

What is an Unrestricted File Upload Vulnerability?

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVE-2022-0959 has been classified as an Unrestricted File Upload vulnerability or weakness.


Products Associated with CVE-2022-0959

stack.watch emails you whenever new vulnerabilities are published in PostgreSQL pgAdmin or Pgadmin 4.

Exploit Probability

EPSS: 0.39%
Percentile: 59.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.