CVE-2023-40619

Published: Sep 20, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.

Affected (1)

Products: Phppgadmin Project: Phppgadmin

Phppgadmin Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phppgadmin Project Phppgadmin	Up to 7.14.4

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/11/msg00000.html

Source: cve@mitre.org

https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/11/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.