CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60799

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper validation or access control checks. Attackers can exploit this to store arbitrary SQL queries in $_SESSION['sqlquery'] by manipulating these parameters, potentially leading to session poisoning, stored cross-site scripting, or unauthorized access to sensitive session data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.4%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2025-60799

Phppgadmin Project » Phppgadmin » Version: 5.0

cpe:2.3:a:phppgadmin_project:phppgadmin:5.0
Phppgadmin Project » Phppgadmin » Version: 5.0.1

cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.1
Phppgadmin Project » Phppgadmin » Version: 5.0.2

cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.2
Phppgadmin Project » Phppgadmin » Version: 5.0.3

cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.3
Phppgadmin Project » Phppgadmin » Version: 5.0.4

cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.4
Phppgadmin Project » Phppgadmin » Version: 5.1.0

cpe:2.3:a:phppgadmin_project:phppgadmin:5.1.0
Phppgadmin Project » Phppgadmin » Version: 5.6.0

cpe:2.3:a:phppgadmin_project:phppgadmin:5.6.0
Phppgadmin Project » Phppgadmin » Version: 7.12.0

cpe:2.3:a:phppgadmin_project:phppgadmin:7.12.0
Phppgadmin Project » Phppgadmin » Version: 7.12.1

cpe:2.3:a:phppgadmin_project:phppgadmin:7.12.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60799

Products

Pricing

Contact Us