Debian Security Advisory
DLA-3644-1 phppgadmin -- LTS security update
- Date Reported: 02 Nov 2023
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2023-40619.
- More information:
It was discovered there was a potential remote code execution vulnerability in phppgadmin, a web-based administration tool for the PostgreSQL database server. This issue concerned the deserialisation of untrusted data, which may have led to remote code execution because user-controlled data was being passed directly to the PHP
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma' POST parameter is deserialized.
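The pattern described above, with a hardened decoder beside it, as an added example that is not phpPgAdmin's or Debian's code. The helper names `decode_form_array` and `is_plain_data` are hypothetical and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Pattern the advisory describes (shown for contrast, not phpPgAdmin's source):
//   $actions = unserialize($_POST['ma']);   // any loaded class can be instantiated

/** Recursively confirm a decoded value holds only scalars, null and arrays. */
function is_plain_data($value, int $depth = 0): bool
{
    if ($depth > 8) {
        return false;                        // refuse deeply nested input
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (!is_plain_data($item, $depth + 1)) {
                return false;
            }
        }
        return true;
    }
    // Objects, including __PHP_Incomplete_Class placeholders, are rejected here.
    return is_scalar($value) || $value === null;
}

/** Hypothetical helper: decode a serialized form field without creating objects. */
function decode_form_array(string $raw, int $maxBytes = 65536): ?array
{
    if ($raw === '' || strlen($raw) > $maxBytes) {
        return null;
    }
    // allowed_classes => false turns every serialized object into
    // __PHP_Incomplete_Class, so no real class's __wakeup()/__destruct() runs.
    $decoded = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($decoded) || !is_plain_data($decoded)) {
        return null;                         // malformed, non-array, or carries an object
    }
    return $decoded;
}

// Constructed sample inputs: a plain array, and a value carrying an object token.
$plain      = serialize(['action' => 'drop', 'table' => 'orders']);
$withObject = 'O:8:"stdClass":0:{}';
var_dump(decode_form_array($plain));
var_dump(decode_form_array($withObject));
```

The PHP manual advises against passing untrusted input to `unserialize()` whatever the value of `allowed_classes`; where the field format can be changed, `json_decode()` avoids object instantiation entirely.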
For Debian 10 Buster, this problem has been fixed in version 5.1+ds-4+deb10u1.
We recommend that you upgrade your phppgadmin packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS