CVE-2023-40619
 
Descriptions
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.
Timeline
- 2023-08-17 CVE Reserved
- 2023-09-20 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-20 EPSS Updated
CWE
- CWE-502: Deserialization of Untrusted Data
References (2)
URL | Tag |
---|---|
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/11/msg00000.html | Mailing List |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Phppgadmin Project | Phppgadmin | <= 7.14.4 | - | Affected |