Description
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.
Tested on pgAdmin 8.4 on Windows 10 both authenticated and unauthenticated.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/http/pgadmin_binary_path_apimsf undefined(pgadmin_binary_path_api) > show actions ...actions...msf undefined(pgadmin_binary_path_api) > set ACTION < action-name >msf undefined(pgadmin_binary_path_api) > show options ...show and set options...msf undefined(pgadmin_binary_path_api) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub