phpPgAdmin SQL Injection Vulnerability in display.php

Vulnerability

A SQL injection vulnerability has been identified in phpPgAdmin versions through 7.13.0. The issue arises in display.php, specifically at line 396, where user-controlled input from the $_REQUEST['query'] parameter is passed directly to the browseQuery function without validation. Because $_REQUEST merges GET and POST data, the statement can be supplied in the request URL as well as in a form body. browseQuery runs the text it receives as SQL on the open database connection, so an authenticated phpPgAdmin user can execute arbitrary SQL statements with the privileges of the PostgreSQL role that phpPgAdmin is connected as.

Impact

Exploitation of this vulnerability gives the attacker arbitrary SQL execution as the connected PostgreSQL role, which can lead to unauthorized data access and data manipulation; if that role is a superuser, the whole PostgreSQL instance can be compromised. Exploitation requires valid phpPgAdmin credentials, and the same role's privileges are also reachable through phpPgAdmin's own SQL window, so the practical exposure is governed by the privileges granted to the roles that phpPgAdmin users log in with: restrict those roles and do not connect as a superuser.
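As an added example (not part of this advisory or of phpPgAdmin itself), the following Python scans web-server access logs in the common "combined" format for display.php requests that carry a query parameter and flags those whose SQL contains a statement separator or a non-SELECT keyword, which a browse query generated by phpPgAdmin's own pagination links would not contain. The log lines, IP addresses, database names and the suspicious request are constructed for the example, and the /phpPgAdmin/ path prefix is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format:
# ip - user [time] "METHOD target HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Heuristic: a browse query issued by phpPgAdmin's own pagination links is a
# single SELECT, so a statement separator or a DML/DDL/COPY keyword in the
# parameter is worth a look. A ';' inside a string literal will false-positive.
SUSPICIOUS_RE = re.compile(
    r';|\b(?:insert|update|delete|drop|alter|create|truncate|grant|copy)\b',
    re.IGNORECASE,
)

# Constructed sample log lines (not real traffic). The path prefix is assumed.
LOG_LINES = [
    '10.0.0.5 - - [20/Nov/2025:15:24:01 +0000] "GET /phpPgAdmin/display.php?'
    'server=localhost&database=app&query=SELECT+*+FROM+users+ORDER+BY+id&page=2 HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [20/Nov/2025:15:25:17 +0000] "GET /phpPgAdmin/display.php?'
    'server=localhost&database=app&query=SELECT+1%3B+DROP+TABLE+audit&page=1 HTTP/1.1" '
    '200 812 "-" "curl/8.4.0"',
    '10.0.0.5 - - [20/Nov/2025:15:26:40 +0000] "GET /phpPgAdmin/tables.php?'
    'server=localhost&database=app HTTP/1.1" 200 2044 "-" "Mozilla/5.0"',
    # A POST-submitted query never shows up in the access log: $_REQUEST accepts it,
    # but the body is not logged, so this line yields nothing.
    '10.0.0.9 - - [20/Nov/2025:15:27:02 +0000] "POST /phpPgAdmin/display.php HTTP/1.1" '
    '200 812 "-" "curl/8.4.0"',
]


def analyze_line(line):
    """Describe a display.php request carrying a 'query' parameter, else return None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m['target'])
    if not target.path.lower().endswith('/display.php'):
        return None
    params = parse_qs(target.query, keep_blank_values=True)
    if 'query' not in params:
        return None
    # parse_qs already percent-decodes and turns '+' into spaces.
    sql = params['query'][0]
    return {
        'ip': m['ip'],
        'time': m['time'],
        'method': m['method'],
        'status': m['status'],
        'sql': sql,
        'suspicious': bool(SUSPICIOUS_RE.search(sql)),
    }


def hunt(lines):
    """Return every display.php?query= request whose SQL trips the heuristic."""
    hits = []
    for line in lines:
        rec = analyze_line(line)
        if rec and rec['suspicious']:
            hits.append(rec)
    return hits


if __name__ == '__main__':
    for rec in hunt(LOG_LINES):
        print(f"{rec['time']} {rec['ip']} {rec['method']} "
              f"status={rec['status']} sql={rec['sql']!r}")
```

Because $_REQUEST also accepts the parameter in a POST body, which web-server access logs do not record, this only covers the URL path; pair it with PostgreSQL's log_statement setting or an application-level log to see statements submitted by POST.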

Added: Nov 20, 2025, 3:24 PM
Updated: Nov 20, 2025, 10:38 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 5.0
exploitability: 5.9
remediation: 0.0
relevance: 1.1
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.