| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phppgadmin/phppgadmin | composer | <= 7.13.0 |

The security vulnerability is an improper access control issue in phpPgAdmin versions 7.13.0 and earlier. The analysis of the sql.php file confirms the description of the vulnerability. The core of the issue lies in a block of code in the global scope of sql.php, specifically at lines 71-73. This code is responsible for handling the retrieval of SQL queries from a session-stored history.
The vulnerability is triggered when a request is sent to sql.php with the subject parameter set to history. The code then uses other user-controlled parameters (server, database, and queryid) as keys to access the $_SESSION['history'] array. The query retrieved from the history is then placed into $_SESSION['sqlquery'], which is later executed by the database connection.
The fundamental flaw is the complete lack of authorization checks. The application does not verify if the current user has the right to access the history item specified by the input parameters. This allows an attacker to potentially access and re-execute sensitive queries stored in the session history of other users, assuming they can guess or obtain the required server, database, and queryid values. This could lead to unauthorized data access or manipulation.
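The following is an added example, not phpPgAdmin's code or its patch: it sketches the unchecked lookup described above as a comment and contrasts it with a lookup that validates and authorizes the request first. The function name `resolveHistoryQuery`, the `$authServer` and `$allowedDbs` parameters, and the sample session data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Pattern described above (simplified sketch, not copied from sql.php):
// request values index the session array directly, with no checks.
//   $_SESSION['sqlquery'] =
//     $_SESSION['history'][$_REQUEST['server']][$_REQUEST['database']][$_REQUEST['queryid']]['query'];

/**
 * Hypothetical hardened lookup: returns the stored query only when the
 * request targets the server and a database this session is authorized for.
 */
function resolveHistoryQuery(array $session, array $request, string $authServer, array $allowedDbs): ?string
{
    foreach (['server', 'database', 'queryid'] as $key) {
        // Reject missing values and array-typed parameters (e.g. server[]=x).
        if (!isset($request[$key]) || !is_string($request[$key])) {
            return null;
        }
    }
    // Authorization: the request must match the caller's own login context.
    if ($request['server'] !== $authServer) {
        return null;
    }
    if (!in_array($request['database'], $allowedDbs, true)) {
        return null;
    }
    // Null-coalescing avoids notices when any level of the history is absent.
    $entry = $session['history'][$request['server']][$request['database']][$request['queryid']] ?? null;
    return (is_array($entry) && isset($entry['query']) && is_string($entry['query']))
        ? $entry['query']
        : null;
}

// Constructed sample data for illustration only.
$session = ['history' => [
    'srv-a' => ['appdb' => ['q1' => ['query' => 'SELECT 1']]],
    'srv-b' => ['hrdb'  => ['q9' => ['query' => 'SELECT * FROM payroll']]],
]];

$own   = ['subject' => 'history', 'server' => 'srv-a', 'database' => 'appdb', 'queryid' => 'q1'];
$other = ['subject' => 'history', 'server' => 'srv-b', 'database' => 'hrdb', 'queryid' => 'q9'];
$typed = ['subject' => 'history', 'server' => ['srv-a'], 'database' => 'appdb', 'queryid' => 'q1'];

var_dump(resolveHistoryQuery($session, $own, 'srv-a', ['appdb']));   // caller's own context
var_dump(resolveHistoryQuery($session, $other, 'srv-a', ['appdb'])); // entry under another server
var_dump(resolveHistoryQuery($session, $typed, 'srv-a', ['appdb'])); // array-typed parameter
```

Only a non-null return value would be assigned to `$_SESSION['sqlquery']`; a null result should end the request without executing anything.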
Since the vulnerable code is not encapsulated within a specific function but resides in the global scope of the sql.php script, the vulnerable execution context is the script itself. In many PHP profilers, execution in the global scope is denoted as {main}, which is used here to represent the vulnerable runtime indicator.
{main} (sql.php)