HIGH🇵🇱 Wersja polska

CVE-2023-1907

CVSS 8.0v3.1pub. 2025-01-09upd. 2025-06-20

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Pgadmin

    APP
    Pgadmin
    < 7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-12048CRITICAL9.3ten sam vendor

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a P...

CVE-2026-12046CRITICAL9.5ten sam vendor

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_id> and POS...

CVE-2026-12045CRITICAL9.4ten sam vendor

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database conte...

CVE-2026-7813CRITICAL9.4PL ✓ten sam vendor

pgAdmin 4: nieautoryzowany dostęp i privilege escalation w trybie serwerowym

CVE-2025-13780CRITICAL9.1PL ✓ten sam vendor

RCE w pgAdmin 4 poprzez złośliwe pliki dump w trybie serwerowym