cvedb.io
CVE-2025-60797
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-11-20T15:17:38.250 · Last modified 2026-06-17T09:50:07.067

Summary

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or privilege escalation.

Affected products

phppgadmin_project — phppgadmin

Does this affect you?

Add your gear to cvedb and we'll alert you only when phppgadmin_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.