Pgadmin: >> Pgadmin 4 >> 9.9 Security Vulnerabilities
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.
CVSS Score
6.8
EPSS Score
0.007
Published
2025-11-13
pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-11-13
Page 2