CVE-2025-60798

Published: Nov 20, 2025

Modified: Nov 21, 2025

PUBLISHED

Description

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands through malicious query manipulation, potentially leading to complete database compromise.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/phppgadmin/phppgadmin/blob/master/display.php#L396

https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60797.md

https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60798.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-60798

Description

Affected Products

References