HTTP: pgAdmin validate_binary_path Remote Code Execution

This signature detects attempts to exploit a known vulnerability in the pgAdmin validate_binary_path API. A successful attack can lead to arbitrary code execution.

Extended Description

The pgAdmin server includes an HTTP API intended to validate the path a user selects for external PostgreSQL utilities such as pg_dump and pg_restore. The server executes the utility to determine which PostgreSQL version it comes from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.

Affected Products

Pgadmin pgadmin_4

Short Name
HTTP:CTS:PGADMIN-VLIDT-BIN2-RCE
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2022-4223 CVE-2024-3116 Code Execution Remote pgAdmin validate_binary_path
Release Date
01/17/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3791
False Positive
Rarely
Vendors

Fedoraproject

Pgadmin
