CVE-2021-4259

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-4259

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4259.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-4259

Published

2022-12-19T14:15:10Z

Modified

2025-10-21T06:37:24.362907Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267.

References

Affected packages

Git / github.com/erikdubbelboer/phpredisadmin

Affected ranges

Type: GIT
Repo: https://github.com/erikdubbelboer/phpredisadmin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

31aa7661e6db6f4dffbf9a635817832a0a11c7d9

Fixed

33d3d99ccbb553bb12d2b10c4e45abafd55bcd3c

Affected versions

1.*

1.4.2

v1.*

v1.1.0

v1.10.0

v1.10.1

v1.10.2

v1.11.0

v1.11.1

v1.11.2

v1.11.3

v1.11.4

v1.11.5

v1.12.0

v1.13.0

v1.13.1

v1.13.2

v1.14.0

v1.14.1

v1.15.0

v1.16.0

v1.16.1

v1.2.0

v1.2.1

v1.3.0

v1.4.0

v1.4.1

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0