CVE-2024-2044

CRITICAL

pgAdmin4 < 8.4 - Unauthenticated Path Traversal and Remote Code Execution via Session Deserialization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-2044. PoCs published by Spencer McIntyre, Davide Silvetti, Abdel Adim Oisfi, including Metasploit module exploits/multi/http/pgadmin_session_deserialization.

AI-analyzed exploit summary

This Metasploit module exploits a path traversal vulnerability in pgAdmin's session management to achieve remote code execution via deserialization of a malicious Python object. It supports both authenticated (file upload) and unauthenticated (SMB UNC path) techniques.

Description

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.

Exploits (1)

Metasploit · Working PoC · Excellent
by Spencer McIntyre, Davide Silvetti, Abdel Adim Oisfi · ruby · poc · python
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/pgadmin_session_deserialization.rb

Classification
Working PoC 100%
Attack Type RCE
Complexity Moderate
Reliability Reliable
Target: pgAdmin <= 8.3
No auth needed
Prerequisites: Network access to pgAdmin · For unauthenticated technique: Windows target with SMB access
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3 9.9
EPSS 0.8347
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-31
Status published
Products (3)
fedoraproject/fedora 40
pgadmin/pgadmin_4 < 8.4
pypi/pgAdmin4 0 - 8.4 (PyPI)
Published Mar 07, 2024
Tracked Since Feb 18, 2026