CVE-2022-0959 in pgAdmin

Summary

by MITRE • 03/16/2022

When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques being used to store files outside of the storage directory. A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.


Analysis

by VulDB Data Team • 03/17/2025

The vulnerability identified as CVE-2022-0959 affects pgAdmin 4 when operating in server mode: a critical path traversal flaw that enables authenticated users to upload files to arbitrary locations on the server filesystem. The issue stems from inadequate input validation during file upload operations, specifically within the URI handling that processes upload requests. The affected code path is the one used when users with valid credentials upload SQL scripts or other files through the graphical user interface; the path validation logic behind it fails to sanitize the upload destination parameters, so the destination is not confined to the user's storage directory.

The technical exploitation of this vulnerability relies on the fact that pgAdmin 4 maintains an individual storage directory for each user, yet the upload endpoint does not adequately verify that file paths remain within that storage boundary. An attacker with valid authentication credentials can construct HTTP requests that manipulate the upload path through crafted URI parameters, effectively bypassing the intended directory restriction. The flaw falls under the common weakness pattern CWE-22 Path Traversal, where insufficient validation of input paths allows access to files or directories outside of the intended scope. The vulnerability is particularly dangerous because the request is made with the user's existing session cookie and CSRF token, meaning that an authenticated user can exploit it without obtaining additional credentials or escalating privileges first.

The operational impact of CVE-2022-0959 extends beyond simple unauthorized file placement, because the attacker can write arbitrary files with the privileges of the operating system account under which pgAdmin runs. If pgAdmin runs under a privileged account such as root, or a dedicated service account with broad filesystem permissions, the attacker could place malicious executables, configuration files, or backdoor scripts in critical system directories. The vulnerability aligns with ATT&CK technique T1078 Valid Accounts, where adversaries leverage legitimate credentials to gain access to systems, and T1059 Command and Scripting Interpreter, as the ability to place executable files opens possibilities for code execution. Organizations using pgAdmin 4 in server mode face significant risk of data compromise, system integrity violations, and potential lateral movement within their network infrastructure, as the vulnerability enables persistent access mechanisms and privilege escalation paths.

Mitigation strategies for CVE-2022-0959 should focus on robust input validation and path sanitization within the pgAdmin application's file upload handlers. The most effective immediate measure is patching the application so that it enforces strict path validation and refuses any upload that would write outside the designated storage directory, regardless of user input. Organizations should also consider network segmentation, and should enforce privilege separation by running pgAdmin under a dedicated service account with the minimum filesystem permissions it requires. Additional defensive measures include monitoring file upload activity, deploying web application firewalls to detect and block path traversal attempts, and conducting regular audits of filesystem permissions. The vulnerability demonstrates the importance of following secure coding practices as outlined in the OWASP Top Ten and NIST cybersecurity guidelines, particularly regarding input validation and privilege management in web applications. Organizations should also review their access control policies to ensure that pgAdmin server mode is only enabled when necessary and that network access controls limit exposure to internal and external threats.
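As an added illustration of the path validation the mitigation paragraph calls for (example code written here, not pgAdmin's own), the naive join that the flaw amounts to is shown beside a resolver that canonicalises the requested path and refuses anything that leaves the per-user storage root. The storage directory and file names are assumptions.

```python
import os

# Hypothetical per-user storage root modelled on pgAdmin's server-mode layout;
# the directory name is a constructed assumption, not a real configuration value.
STORAGE_ROOT = "/var/lib/pgadmin/storage/alice_example.com"


class PathTraversalError(ValueError):
    """Raised when a requested upload path would leave the storage directory."""


def naive_upload_path(storage_root: str, requested: str) -> str:
    """The weak pattern: trusting the client-supplied path.

    os.path.join discards storage_root entirely when `requested` is absolute,
    and '..' segments pass through untouched, so the result can point anywhere
    the service account is allowed to write.
    """
    return os.path.join(storage_root, requested)


def safe_upload_path(storage_root: str, requested: str) -> str:
    """Hardened resolver: the canonical final path must stay under storage_root.

    - reject empty, NUL-containing and absolute paths outright
    - collapse '.' and '..' with normpath, then canonicalise symlinks with realpath
    - compare with commonpath, so a sibling directory that merely shares a
      string prefix (e.g. '.../alice_example.com_evil') is rejected as well
    """
    if not requested or "\x00" in requested:
        raise PathTraversalError("empty or NUL-containing path")
    if os.path.isabs(requested):
        raise PathTraversalError("absolute paths are not allowed")
    root = os.path.realpath(storage_root)
    candidate = os.path.realpath(os.path.join(root, os.path.normpath(requested)))
    if os.path.commonpath([root, candidate]) != root:
        raise PathTraversalError(f"path escapes storage directory: {requested!r}")
    return candidate


def is_contained(storage_root: str, requested: str) -> bool:
    """Boolean guard an upload handler can call before touching the filesystem."""
    try:
        safe_upload_path(storage_root, requested)
        return True
    except PathTraversalError:
        return False
```

The same check works for download and delete endpoints that take a client-supplied path; the point is that containment is decided on the canonical path, not on the raw string.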

Reservation

03/14/2022

Disclosure

03/16/2022

Moderation

accepted

CPE

ready

EPSS

0.00931

KEV

no

Activities

very low
