CVE-2021-47853
Remote Command Execution via SQL Injection in phpPgAdmin

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operating system commands with the application's privileges.
Meta Information
Published: 2026-01-21
Last Modified: 2026-01-21
Generated: 2026-05-07
AI Q&A: 2026-01-21
EPSS Evaluated: 2026-01-31
Affected Vendors & Products
Vendor: phppgadmin
Product: phppgadmin
Version / Range: to 7.13.0 (exc)
CWE ID: CWE-78
Description: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in phpPgAdmin 7.13.0 allows authenticated attackers to execute arbitrary operating system commands remotely. The attacker first creates a custom table, then uploads a malicious .txt file containing a SQL statement that uses the PostgreSQL "COPY FROM PROGRAM" command. This command executes OS commands with the application's privileges. The attacker can then retrieve the output of these commands, effectively gaining remote command execution and control over the system. [1, 2]


How can this vulnerability impact me?

This vulnerability can lead to a complete compromise of the system running phpPgAdmin. An attacker with valid authentication can execute arbitrary system commands with the application's privileges, potentially leading to unauthorized data access, data modification, system disruption, or full system takeover. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves checking for the presence of the vulnerable phpPgAdmin version 7.13.0 and monitoring for suspicious SQL queries that use the COPY FROM PROGRAM command. Specifically, look for SQL queries that create a table named 'cmd_exec' and then run a COPY statement against it, such as: COPY cmd_exec FROM PROGRAM 'id; cd /root; ls'; To detect exploitation attempts, monitor logs for such SQL commands and for unusual uploads of .txt files containing SQL statements. No direct network command is provided, but reviewing database query logs and uploaded files for these patterns is recommended. [1, 2]
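The log review described above can be automated. The following is an added example, not code from the advisory or from phpPgAdmin: a scanner for PostgreSQL statement logs that flags COPY ... PROGRAM even when comments or letter case obscure the keywords. It assumes statement logging is enabled and that each statement is logged on one line; the function names and sample log lines are constructed, and it goes beyond the page by also flagging COPY ... TO PROGRAM, which likewise runs a server-side command.

```python
import re

# One left-to-right scan over string literals (single- or dollar-quoted) and
# comments, so a "--" inside a command string is not mistaken for a comment.
_TOKEN = re.compile(r"'(?:[^']|'')*'|\$(\w*)\$.*?\$\1\$|/\*.*?\*/|--[^\n]*", re.S)
# COPY <table | "table" | (query)> [(columns)] FROM|TO PROGRAM <literal index>
_COPY = re.compile(
    r"\bCOPY\s+(?P<target>\"[^\"]+\"|\([^;]*\)|[\w.]+)(?:\s*\([^)]*\))?"
    r"\s+(?P<dir>FROM|TO)\s+PROGRAM\s+E?'(?P<lit>\d+)'", re.I | re.S)


def find_copy_program(sql):
    """Return (direction, target, command literal) per COPY ... PROGRAM in sql."""
    literals = []

    def keep(match):
        text = match.group(0)
        if text.startswith(("/*", "--")):
            return " "  # comments are dropped so they cannot split the keywords
        literals.append(text)
        return "'%d'" % (len(literals) - 1)  # literals become index placeholders

    skeleton = _TOKEN.sub(keep, sql)
    return [(m["dir"].upper(), m["target"], literals[int(m["lit"])])
            for m in _COPY.finditer(skeleton)]


def scan_log(lines):
    """Return (line number, direction, target, command literal) for each hit."""
    return [(n,) + hit for n, line in enumerate(lines, 1)
            for hit in find_copy_program(line)]


# Constructed sample lines in the style of PostgreSQL log_statement output.
SAMPLE_LOG = [
    "2026-01-22 10:15:01 UTC [4121] LOG:  statement: CREATE TABLE cmd_exec(line text);",
    "2026-01-22 10:15:02 UTC [4121] LOG:  statement: COPY cmd_exec FROM PROGRAM 'id; cd /root; ls';",
    "2026-01-22 10:15:09 UTC [4121] LOG:  statement: copy cmd_exec from/**/program 'ls --all';",
    "2026-01-22 10:16:40 UTC [4187] LOG:  statement: COPY orders FROM '/var/tmp/program.csv';",
    "2026-01-22 10:17:03 UTC [4187] LOG:  statement: INSERT INTO notes VALUES ('COPY t FROM PROGRAM ''id''');",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("ALERT line %d: COPY %s PROGRAM on %s runs %s" % hit)
```

Lines 4 and 5 of the sample are deliberate non-matches: a file-based COPY whose path contains "program", and the keywords appearing only inside a string literal.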


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading phpPgAdmin to a version later than 7.13.0 where this vulnerability is fixed. Restrict access to phpPgAdmin to trusted users only, as the vulnerability requires authenticated access with high privileges. Additionally, monitor and restrict the ability to upload files and to execute SQL commands that use COPY FROM PROGRAM. Applying the principle of least privilege to the database user running phpPgAdmin can also reduce risk. [2, 3]

