Description

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper validation or access control checks. Attackers can exploit this to store arbitrary SQL queries in $_SESSION['sqlquery'] by manipulating these parameters, potentially leading to session poisoning, stored cross-site scripting, or unauthorized access to sensitive session data.

INFO

Published Date :

2025-11-20T00:00:00.000Z

Last Modified :

2025-11-20T21:34:31.713Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60799 vulnerability.

Vendors Products
Phppgadmin
  • Phppgadmin
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60799.

URL Resource
https://github.com/phppgadmin/phppgadmin/blob/master/sql.php#L68-L76 cve-icon cve-icon
https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60799.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact