All the vulnerabilites related to AdminerEvo - AdminerEvo
cve-2023-45195
Vulnerability from cvelistv5
Published
2024-06-24 21:06
Modified
2024-08-02 20:14
Summary
Adminer and AdminerEvo SSRF
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45195",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T14:34:53.587598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T14:35:33.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:19.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
            "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Adminer",
          "vendor": "Adminer",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
              "status": "affected",
              "version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "AdminerEvo",
          "repo": "https://github.com/adminerevo/adminerevo",
          "vendor": "AdminerEvo",
          "versions": [
            {
              "lessThan": "4.8.4",
              "status": "affected",
              "version": "4.8.2",
              "versionType": "custom"
            },
            {
              "lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*",
              "status": "affected",
              "version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        }
      ],
      "datePublic": "2024-04-07T15:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAdminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAdminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to.\u00a0Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-24T21:06:09.735Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Adminer and AdminerEvo SSRF",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2023-45195",
    "datePublished": "2024-06-24T21:06:09.735Z",
    "dateReserved": "2023-10-05T03:54:13.664Z",
    "dateUpdated": "2024-08-02T20:14:19.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-45196
Vulnerability from cvelistv5
Published
2024-06-24 20:48
Modified
2024-08-02 20:14
Summary
Adminer and AdminerEvo denial of service via HTTP redirect
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45196",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:20:08.611689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:20:53.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:20.034Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
            "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Adminer",
          "vendor": "Adminer",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
              "status": "affected",
              "version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "AdminerEvo",
          "repo": "https://github.com/adminerevo/adminerevo",
          "vendor": "AdminerEvo",
          "versions": [
            {
              "lessThan": "4.8.4",
              "status": "affected",
              "version": "4.8.2",
              "versionType": "custom"
            },
            {
              "lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*",
              "status": "affected",
              "version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        }
      ],
      "datePublic": "2024-04-07T15:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAdminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.\u00a0Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-24T20:48:21.534Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Adminer and AdminerEvo denial of service via HTTP redirect",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2023-45196",
    "datePublished": "2024-06-24T20:48:21.534Z",
    "dateReserved": "2023-10-05T03:54:13.664Z",
    "dateUpdated": "2024-08-02T20:14:20.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-45197
Vulnerability from cvelistv5
Published
2024-06-21 14:28
Modified
2024-08-02 20:14
Summary
Adminer and AdminerEvo vulnerable to directory traversal and file upload
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45197",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T16:13:59.794884Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T16:14:14.814Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:19.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
            "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Adminer",
          "vendor": "Adminer",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
              "status": "affected",
              "version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:adminerevo:adminerevo:4.8.3:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "AdminerEvo",
          "programFiles": [
            "plugins/file-upload.php"
          ],
          "repo": "https://github.com/adminerevo/adminerevo",
          "vendor": "AdminerEvo",
          "versions": [
            {
              "lessThan": "4.8.3",
              "status": "affected",
              "version": "4.8.2",
              "versionType": "custom"
            },
            {
              "lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.3:*:*:*:*:*:*:*",
              "status": "affected",
              "version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
              "versionType": "cpe"
            }
          ]
        }
      ],
      "datePublic": "2023-10-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of \u201c..\u201d to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.\u003c/p\u003e"
            }
          ],
          "value": "The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of \u201c..\u201d to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-24T20:27:12.198Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Adminer and AdminerEvo vulnerable to directory traversal and file upload",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2023-45197",
    "datePublished": "2024-06-21T14:28:36.476Z",
    "dateReserved": "2023-10-05T03:54:13.664Z",
    "dateUpdated": "2024-08-02T20:14:19.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}