CVE-2021-47853: phpPgAdmin contains a remote command execution vulnerability

January 21, 2026 (updated February 2, 2026)

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operating system commands with the application’s privileges.

References

github.com/advisories/GHSA-86gh-c8r8-xwhq
github.com/phppgadmin/phppgadmin
github.com/phppgadmin/phppgadmin/releases
nvd.nist.gov/vuln/detail/CVE-2021-47853
www.exploit-db.com/exploits/49736
www.vulncheck.com/advisories/phppgadmin-copy-from-program-command-execution

Code Behaviors & Features

Detect and mitigate CVE-2021-47853 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →