Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') #5522
Description
The PGAdmin ERD Tool can open files on the server. The input is vulnerable to directory traversal. To abuse
this, the POST can be altered:
Steps to reproduce:
- Open Tools -> ERD Tool
- Choose Open File
- Change POST (/pgadmin4/sqleditor/load_file/ )