Search criteria
9 vulnerabilities found for adminerevo by adminerevo
FKIE_CVE-2023-45195
Vulnerability from fkie_nvd - Published: 2024-06-24 22:15 - Updated: 2025-10-15 15:32
Severity ?
Summary
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adminerevo | adminerevo | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adminerevo:adminerevo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F5CDF4-68BB-4A5C-A4C6-853CC2D8385B",
"versionEndExcluding": "4.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to.\u00a0Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4."
},
{
"lang": "es",
"value": "Adminer y AdminerEvo son vulnerables a SSRF a trav\u00e9s de campos de conexi\u00f3n de base de datos. Esto podr\u00eda permitir que un atacante remoto no autenticado enumere o acceda a sistemas a los que de otra manera el atacante no tendr\u00eda acceso. Adminer ya no es compatible, pero este problema se solucion\u00f3 en AdminerEvo versi\u00f3n 4.8.4."
}
],
"id": "CVE-2023-45195",
"lastModified": "2025-10-15T15:32:13.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
},
"published": "2024-06-24T22:15:10.060",
"references": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Patch"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc"
}
],
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-45196
Vulnerability from fkie_nvd - Published: 2024-06-24 21:15 - Updated: 2025-10-15 15:32
Severity ?
Summary
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adminerevo | adminerevo | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adminerevo:adminerevo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F5CDF4-68BB-4A5C-A4C6-853CC2D8385B",
"versionEndExcluding": "4.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.\u00a0Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4."
},
{
"lang": "es",
"value": "Adminer y AdminerEvo permiten que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio al conectarse a un servicio controlado por el atacante que responde con redirecciones HTTP. La denegaci\u00f3n de servicio est\u00e1 sujeta a los l\u00edmites de configuraci\u00f3n de PHP. Adminer ya no es compatible, pero este problema se solucion\u00f3 en AdminerEvo versi\u00f3n 4.8.4."
}
],
"id": "CVE-2023-45196",
"lastModified": "2025-10-15T15:32:11.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
},
"published": "2024-06-24T21:15:25.630",
"references": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Patch"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6"
}
],
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-45197
Vulnerability from fkie_nvd - Published: 2024-06-21 15:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adminerevo | adminerevo | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adminerevo:adminerevo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD7F783-BAAA-4824-AE44-CC5D0FE9D14F",
"versionEndExcluding": "4.8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of \u201c..\u201d to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3."
},
{
"lang": "es",
"value": "El complemento de carga de archivos en Adminer y AdminerEvo permite a un atacante cargar un archivo con un nombre de tabla \"...\" en la ra\u00edz del directorio de Adminer. El atacante puede adivinar efectivamente el nombre del archivo cargado y ejecutarlo. Adminer ya no es compatible, pero este problema se solucion\u00f3 en la versi\u00f3n 4.8.3 de AdminerEvo."
}
],
"id": "CVE-2023-45197",
"lastModified": "2024-11-21T08:26:31.893",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
},
"published": "2024-06-21T15:15:15.647",
"references": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Patch"
],
"url": "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"url": "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3"
}
],
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-45195 (GCVE-0-2023-45195)
Vulnerability from cvelistv5 – Published: 2024-06-24 21:06 – Updated: 2024-08-02 20:14
VLAI?
Summary
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Adminer | Adminer |
Affected:
0 , ≤ *
(custom)
Affected: cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* , ≤ cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* (cpe) cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T14:34:53.587598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:35:33.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "Adminer",
"vendor": "Adminer",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
},
{
"cpes": [
"cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "AdminerEvo",
"repo": "https://github.com/adminerevo/adminerevo",
"vendor": "AdminerEvo",
"versions": [
{
"lessThan": "4.8.4",
"status": "affected",
"version": "4.8.2",
"versionType": "custom"
},
{
"lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
}
],
"datePublic": "2024-04-07T15:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAdminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAdminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to.\u00a0Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T21:06:09.735Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Adminer and AdminerEvo SSRF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-45195",
"datePublished": "2024-06-24T21:06:09.735Z",
"dateReserved": "2023-10-05T03:54:13.664Z",
"dateUpdated": "2024-08-02T20:14:19.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45196 (GCVE-0-2023-45196)
Vulnerability from cvelistv5 – Published: 2024-06-24 20:48 – Updated: 2024-08-02 20:14
VLAI?
Summary
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Adminer | Adminer |
Affected:
0 , ≤ *
(custom)
Affected: cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* , ≤ cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* (cpe) cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:20:08.611689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:20:53.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:20.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "Adminer",
"vendor": "Adminer",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
},
{
"cpes": [
"cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "AdminerEvo",
"repo": "https://github.com/adminerevo/adminerevo",
"vendor": "AdminerEvo",
"versions": [
{
"lessThan": "4.8.4",
"status": "affected",
"version": "4.8.2",
"versionType": "custom"
},
{
"lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
}
],
"datePublic": "2024-04-07T15:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAdminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.\u00a0Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T20:48:21.534Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Adminer and AdminerEvo denial of service via HTTP redirect",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-45196",
"datePublished": "2024-06-24T20:48:21.534Z",
"dateReserved": "2023-10-05T03:54:13.664Z",
"dateUpdated": "2024-08-02T20:14:20.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45197 (GCVE-0-2023-45197)
Vulnerability from cvelistv5 – Published: 2024-06-21 14:28 – Updated: 2024-08-02 20:14
VLAI?
Summary
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Adminer | Adminer |
Affected:
0 , ≤ *
(custom)
Affected: cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* , ≤ cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* (cpe) cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:13:59.794884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:14:14.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "Adminer",
"vendor": "Adminer",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
},
{
"cpes": [
"cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:adminerevo:adminerevo:4.8.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "AdminerEvo",
"programFiles": [
"plugins/file-upload.php"
],
"repo": "https://github.com/adminerevo/adminerevo",
"vendor": "AdminerEvo",
"versions": [
{
"lessThan": "4.8.3",
"status": "affected",
"version": "4.8.2",
"versionType": "custom"
},
{
"lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.3:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
}
],
"datePublic": "2023-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of \u201c..\u201d to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.\u003c/p\u003e"
}
],
"value": "The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of \u201c..\u201d to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T20:27:12.198Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Adminer and AdminerEvo vulnerable to directory traversal and file upload",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-45197",
"datePublished": "2024-06-21T14:28:36.476Z",
"dateReserved": "2023-10-05T03:54:13.664Z",
"dateUpdated": "2024-08-02T20:14:19.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45195 (GCVE-0-2023-45195)
Vulnerability from nvd – Published: 2024-06-24 21:06 – Updated: 2024-08-02 20:14
VLAI?
Summary
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Adminer | Adminer |
Affected:
0 , ≤ *
(custom)
Affected: cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* , ≤ cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* (cpe) cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T14:34:53.587598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:35:33.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "Adminer",
"vendor": "Adminer",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
},
{
"cpes": [
"cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "AdminerEvo",
"repo": "https://github.com/adminerevo/adminerevo",
"vendor": "AdminerEvo",
"versions": [
{
"lessThan": "4.8.4",
"status": "affected",
"version": "4.8.2",
"versionType": "custom"
},
{
"lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
}
],
"datePublic": "2024-04-07T15:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAdminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAdminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to.\u00a0Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T21:06:09.735Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Adminer and AdminerEvo SSRF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-45195",
"datePublished": "2024-06-24T21:06:09.735Z",
"dateReserved": "2023-10-05T03:54:13.664Z",
"dateUpdated": "2024-08-02T20:14:19.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45196 (GCVE-0-2023-45196)
Vulnerability from nvd – Published: 2024-06-24 20:48 – Updated: 2024-08-02 20:14
VLAI?
Summary
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Adminer | Adminer |
Affected:
0 , ≤ *
(custom)
Affected: cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* , ≤ cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* (cpe) cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:20:08.611689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:20:53.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:20.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "Adminer",
"vendor": "Adminer",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
},
{
"cpes": [
"cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "AdminerEvo",
"repo": "https://github.com/adminerevo/adminerevo",
"vendor": "AdminerEvo",
"versions": [
{
"lessThan": "4.8.4",
"status": "affected",
"version": "4.8.2",
"versionType": "custom"
},
{
"lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
}
],
"datePublic": "2024-04-07T15:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAdminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.\u00a0Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T20:48:21.534Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Adminer and AdminerEvo denial of service via HTTP redirect",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-45196",
"datePublished": "2024-06-24T20:48:21.534Z",
"dateReserved": "2023-10-05T03:54:13.664Z",
"dateUpdated": "2024-08-02T20:14:20.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45197 (GCVE-0-2023-45197)
Vulnerability from nvd – Published: 2024-06-21 14:28 – Updated: 2024-08-02 20:14
VLAI?
Summary
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Adminer | Adminer |
Affected:
0 , ≤ *
(custom)
Affected: cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* , ≤ cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* (cpe) cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:13:59.794884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:14:14.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "Adminer",
"vendor": "Adminer",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
},
{
"cpes": [
"cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:adminerevo:adminerevo:4.8.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "AdminerEvo",
"programFiles": [
"plugins/file-upload.php"
],
"repo": "https://github.com/adminerevo/adminerevo",
"vendor": "AdminerEvo",
"versions": [
{
"lessThan": "4.8.3",
"status": "affected",
"version": "4.8.2",
"versionType": "custom"
},
{
"lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.3:*:*:*:*:*:*:*",
"status": "affected",
"version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
"versionType": "cpe"
}
]
}
],
"datePublic": "2023-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of \u201c..\u201d to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.\u003c/p\u003e"
}
],
"value": "The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of \u201c..\u201d to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T20:27:12.198Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Adminer and AdminerEvo vulnerable to directory traversal and file upload",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-45197",
"datePublished": "2024-06-21T14:28:36.476Z",
"dateReserved": "2023-10-05T03:54:13.664Z",
"dateUpdated": "2024-08-02T20:14:19.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}