CVE-2021-43008 – vrana/adminer
Package
Manager: composer
Name: vrana/adminer
Vulnerable Version: >=1.12.0 <4.6.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.8364 (percentile: 0.99246)
Details
Files or Directories Accessible to External Parties in Adminer

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting that Adminer connect to a remote MySQL database.
Metadata
Created: 2022-04-06T00:01:33Z
Modified: 2022-04-22T20:33:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-rxfq-3vpc-vv72/GHSA-rxfq-3vpc-vv72.json
CWE IDs: ["CWE-552"]
Alternative ID: GHSA-rxfq-3vpc-vv72
Finding: F123
Auto approve: 1