RCE in Pgadmin4

CVE-2022-4223

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL ver…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.878 (99.5th percentile)

Affected products

  • Pgadmin4 (vendor listed as N/a) — version 6.17

Frequently asked questions

What is CVE-2022-4223?
CVE-2022-4223 is a vulnerability in Pgadmin4, classified under Code Injection. Published 2022-12-13.
Is CVE-2022-4223 known to be exploited?
7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.