pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of `shell=True` during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| pgadmin4 (PyPI) | 0 | 9.10 | N/A |
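
The `shell=True` pattern named in the description, next to the argument-list form that keeps a file path out of the shell's parser. This is an added example, not pgAdmin's code: the function names, the `backup-tool` name and `--file` flag, and the sample path are constructed, and a child Python process that echoes its arguments stands in for the backup utility.

```python
import json
import subprocess
import sys

# Constructed sample: a Windows file name can legally contain '&',
# which cmd.exe treats as a command separator.
SAMPLE_PATH = r"C:\backups\a & b.sql"

# Assumption: a child Python that echoes its argv stands in for the
# backup/restore utility, so the example runs without PostgreSQL.
UTILITY = [sys.executable, "-c",
           "import json, sys; print(json.dumps(sys.argv[1:]))"]

CMD_METACHARS = set('&|<>^%"')


def shell_command_string(utility, path):
    """'Before' pattern: one string destined for shell=True (never run here).

    The path is pasted into text that the shell will parse.
    """
    return f"{utility} --file {path}"


def run_without_shell(path):
    """Hardened pattern: argument list and shell=False.

    No shell parses the path; the utility receives it as one argument.
    """
    proc = subprocess.run(UTILITY + ["--file", path], shell=False,
                          capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def metachars_in(path):
    """Characters in the path that cmd.exe would interpret."""
    return sorted(set(path) & CMD_METACHARS)


if __name__ == "__main__":
    print("shell string :", shell_command_string("backup-tool", SAMPLE_PATH))
    print("metachars    :", metachars_in(SAMPLE_PATH))
    print("argv (no sh) :", run_without_shell(SAMPLE_PATH))
```

`metachars_in` is useful as a review or logging aid; the fix itself is the argument list with `shell=False`, which needs no character filtering to be safe.
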
CVSS Metrics