phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.
References
Link | Resource |
---|---|
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/11/msg00000.html |
Configurations
History
03 Nov 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2023, 18:20
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619 - Third Party Advisory | |
CWE | CWE-502 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:phppgadmin_project:phppgadmin:*:*:*:*:*:*:*:* | |
First Time |
Phppgadmin Project phppgadmin
Phppgadmin Project |
20 Sep 2023, 18:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-20 18:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-40619
Mitre link : CVE-2023-40619
CVE.ORG link : CVE-2023-40619
JSON object : View
Products Affected
phppgadmin_project
- phppgadmin
CWE
CWE-502
Deserialization of Untrusted Data