GHSA-rxfq-3vpc-vv72
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rxfq-3vpc-vv72
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-rxfq-3vpc-vv72/GHSA-rxfq-3vpc-vv72.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rxfq-3vpc-vv72
- Aliases
- Published
- 2022-04-06T00:01:33Z
- Modified
- 2024-02-20T05:34:06.191209Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Files or Directories Accessible to External Parties in Adminer
- Details
-
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
- Database specific
{ "nvd_published_at": "2022-04-05T02:15:00Z", "cwe_ids": [ "CWE-552" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-04-22T20:33:36Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-43008
- https://github.com/vrana/adminer
- https://github.com/vrana/adminer/releases/tag/v4.6.3
- https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html
- https://podalirius.net/en/cves/2021-43008
- https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
- https://www.adminer.org
Affected packages
Packagist / vrana/adminer
Package
- Name
- vrana/adminer
- Purl
- pkg:composer/vrana/adminer