Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
References
Link | Resource |
---|---|
https://github.com/vrana/adminer/releases/tag/v4.6.3 | Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html | Mailing List Third Party Advisory |
https://podalirius.net/en/cves/2021-43008/ | Exploit Third Party Advisory |
https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | Exploit Third Party Advisory |
https://www.adminer.org/ | Product |
Configurations
History
30 Sep 2022, 13:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
CWE | ||
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html - Mailing List, Third Party Advisory | |
First Time |
Debian debian Linux
Debian |
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
13 May 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Apr 2022, 20:47
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-552 | |
CPE | cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* | |
First Time |
Adminer
Adminer adminer |
|
References | (MISC) https://www.adminer.org/ - Product | |
References | (MISC) https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/vrana/adminer/releases/tag/v4.6.3 - Release Notes, Third Party Advisory | |
References | (MISC) https://podalirius.net/en/cves/2021-43008/ - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
05 Apr 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-05 02:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-43008
Mitre link : CVE-2021-43008
CVE.ORG link : CVE-2021-43008
JSON object : View
Products Affected
adminer
- adminer
debian
- debian_linux
CWE