Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
References
Link | Resource |
---|---|
https://github.com/vrana/adminer/releases/tag/v4.6.3 | Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html | Mailing List Third Party Advisory |
https://podalirius.net/en/cves/2021-43008/ | Exploit Third Party Advisory |
https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | Exploit Third Party Advisory |
https://www.adminer.org/ | Product |
Configurations
History
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
13 May 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Apr 2022, 20:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* | |
References | (MISC) https://podalirius.net/en/cves/2021-43008/ - Exploit, Third Party Advisory | |
References | (MISC) https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability - Exploit, Third Party Advisory | |
References | (MISC) https://www.adminer.org/ - Product | |
References | (MISC) https://github.com/vrana/adminer/releases/tag/v4.6.3 - Release Notes, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-552 |
05 Apr 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-05 02:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-43008
Mitre link : CVE-2021-43008
CVE.ORG link : CVE-2021-43008
JSON object : View
Products Affected
adminer
- adminer
debian
- debian_linux
CWE