Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability by Command Prompt, Inc.

    JVNDB-2025-000060

    Vulnerability from jvndb - Published: 2025-08-18 13:40 - Updated:2025-08-18 13:40
    Summary
    PgManage vulnerable to injection
    Details
    PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage (CWE-477). Sho Nakatani of SecDevLab Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The vendor already updated PgManage to 1.3 when JPCERT/CC contacted. Through the further communication we agreed on this JVN publication to notify users of its latest solution.
    References
    Impacted products
    Show details on JVN DB website
    To clipboard 

    {
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000060.html",
  "dc:date": "2025-08-18T13:40+09:00",
  "dcterms:issued": "2025-08-18T13:40+09:00",
  "dcterms:modified": "2025-08-18T13:40+09:00",
  "description": "PgManage provided by Command Prompt, Inc. uses RestrictedPython module.\r\nThe version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage (CWE-477).\r\n\r\nSho Nakatani of SecDevLab Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nThe vendor already updated PgManage to 1.3 when JPCERT/CC contacted.\r\nThrough the further communication we agreed on this JVN publication to notify users of its latest solution.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000060.html",
  "sec:cpe": {
    "#text": "cpe:/a:misc:command_prompt_pgmanage",
    "@product": "PgManage",
    "@vendor": "Command Prompt, Inc.",
    "@version": "2.2"
  },
  "sec:identifier": "JVNDB-2025-000060",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN46919949/index.html",
      "@id": "JVN#46919949",
      "@source": "JVN"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "PgManage vulnerable to injection"
}