Security vulnerabilities

  • Status Closed
  • Assigned To
  • Private
Attached to Project: Security vulnerabilities
Opened by 0xmagdy - 27.03.2024
Last edited by cbay - 03.04.2024

FS#43 - Information Disclosure PHPpgAdmin

Vulnerability Detail

The PHPpgAdmin setup page is accessible over the internet, which makes it possible for a user to set up the servers with the required details.

Vulnerable Endpoints

You can add a server via this endpoint

Impact

It's possible for an attacker to configure the servers without information of the application administrator.

Closed by cbay
03.04.2024 07:03
Reason for closing: Invalid


Can you provide us with a PoC showing us how you would do it?

cbay commented on 28.03.2024 08:22

That link returns "Access Denied", please provide a public link.

cbay commented on 29.03.2024 11:02

That's not a setup page, and you can only "add" servers to your own session. I'm pretty sure that's standard phpPgAdmin behaviour, and it doesn't cause any security issue as far as I know.

