CVE-2023-22626

Published: Jan 5, 2023Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)

Affected (1)

Products: Pghero Project: Pghero

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pghero Project Pghero	From 0.1.1 to 3.1.0

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://github.com/ankane/pghero/issues/439

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/ankane/pghero/issues/439

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.