ICS-CERT published an advisory on one of my reports last month:
Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution
Vendor: Sielco Sistemi
Equipment: Winlog SCADA Software
Vulnerability: Uncontrolled Search Path Element
This vulnerability can allow attackers to execute arbitrary code on vulnerable installations of pgAdmin4 software. pgAdmin4 is a GUI application for database server administration, and comes packaged with the PostgreSQL package.
User interaction is required to exploit this vulnerability, in that the malicious DLL file(s) must be saved in one of the DLL search paths.
Confirmed on products
pgAdmin4 v1.1: Current version packaged with PostgreSQL v220.127.116.11 (Windows x86 Current version)
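
Because exploitation depends on a DLL being saved into a directory on the DLL search path, a defender can check which of those directories low-privileged accounts are able to write to. The following PowerShell audit is an added example, not part of the advisory or the vendor's code; the function name `Get-PlantableSearchPath`, the list of principals treated as low-privileged and the `ExampleApp` path are assumptions.

```powershell
# Added example: flag DLL search-path directories where low-privileged
# principals may create files. By default it checks the PATH entries; pass the
# application's install directory as well, since that is searched first.
function Get-PlantableSearchPath {
    param(
        [string[]]$Directory = ($env:PATH -split ';'),
        # Assumed low-privileged set, as well-known SIDs (locale independent):
        # Everyone, BUILTIN\Users, Authenticated Users, INTERACTIVE
        [string[]]$PrincipalSid = @('S-1-1-0', 'S-1-5-32-545', 'S-1-5-11', 'S-1-5-4')
    )
    $fsr = [System.Security.AccessControl.FileSystemRights]
    # CreateFiles (WriteData) is the bit needed to drop a file into a directory;
    # also accept raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
    $mask = [int]$fsr::CreateFiles -bor 0x40000000 -bor 0x10000000
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType = [System.Security.Principal.SecurityIdentifier]

    $dirs = $Directory | Where-Object { $_ } |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_).Trim('"') } |
        Select-Object -Unique

    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A missing entry can become plantable if someone is able to create it.
            [pscustomobject]@{ Directory = $dir; Finding = 'missing'; Sid = $null; Rights = $null }
            continue
        }
        $acl = Get-Acl -LiteralPath $dir
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs apply to children, not to this directory itself.
            if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            if ($rule.IdentityReference.Value -notin $PrincipalSid) { continue }
            if (([int]$rule.FileSystemRights -band $mask) -ne 0) {
                [pscustomobject]@{
                    Directory = $dir
                    Finding   = 'writable'
                    Sid       = $rule.IdentityReference.Value
                    Rights    = $rule.FileSystemRights
                }
            }
        }
    }
}

# Usage (the install path is a placeholder):
# Get-PlantableSearchPath -Directory (@('C:\Program Files\ExampleApp') + ($env:PATH -split ';'))
```

The check is conservative: it ignores Deny entries, so a reported directory should be confirmed against its effective permissions before remediation.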