What is CVE-2024-3116?

CVE-2024-3116 is a high-severity vulnerability in Pgadmin.org Pgadmin 4. CVSS score: 7.4/10. Published 2024-04-04.

How severe is CVE-2024-3116?

High severity. CVSS v3 base score is 7.4 out of 10.

Is CVE-2024-3116 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Pgadmin.org Pgadmin 4

CVE-2024-3116

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the datab…

EPSS: 0.907 (99.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L.

Affected products

Pgadmin.org Pgadmin 4 — versions 0

Public proof-of-concept exploits

TechieNeurons/CVE-2024-3116_RCE_in_pgadmin_8.4
rapid7/metasploit-framework
FoxyProxys/CVE-2024-3116
TechieNeurons/CVE-2024-3116_
enomothem/PenTestNote
fkie-cad/nvd-json-data-feeds
nomi-sec/PoC-in-GitHub
tanjiti/sec_

References

github.com/pgadmin-org/pgadmin4/issues/7326 (issue-tracking)
gist.github.com/aelmokhtar/689a8be7e3bd535ec01992d8ec7b2b98 (mitigation)
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…

Frequently asked questions

What is CVE-2024-3116?: CVE-2024-3116 is a high-severity vulnerability in Pgadmin.org Pgadmin 4. CVSS score: 7.4/10. Published 2024-04-04.
How severe is CVE-2024-3116?: High severity. CVSS v3 base score is 7.4 out of 10.
Is CVE-2024-3116 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.