CVE-2024-2044

CRITICAL Year: 2024
CVSS v3 Score: 9.9 (Critical)

Vulnerability Description

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.

CVSS: 8.8 (High)

A Path Traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

CWE-31 2024
CVSS: 8.8 (High)

dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.

CWE-31 2024
CVSS: 7.5 (High)

RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.

CWE-31 2019
CVSS: 7.5 (High)

In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by...

CWE-31 2024