Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
References
Link | Resource |
---|---|
https://github.com/vrana/adminer/releases/tag/v4.6.3 | Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html | Mailing List Third Party Advisory |
https://podalirius.net/en/cves/2021-43008/ | Exploit Third Party Advisory |
https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | Exploit Third Party Advisory |
https://www.adminer.org/ | Product |
https://github.com/vrana/adminer/releases/tag/v4.6.3 | Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html | Mailing List Third Party Advisory |
https://podalirius.net/en/cves/2021-43008/ | Exploit Third Party Advisory |
https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | Exploit Third Party Advisory |
https://www.adminer.org/ | Product |
Configurations
History
21 Nov 2024, 06:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/vrana/adminer/releases/tag/v4.6.3 - Release Notes, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html - Mailing List, Third Party Advisory | |
References | () https://podalirius.net/en/cves/2021-43008/ - Exploit, Third Party Advisory | |
References | () https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability - Exploit, Third Party Advisory | |
References | () https://www.adminer.org/ - Product |
Information
Published : 2022-04-05 02:15
Updated : 2024-11-21 06:28
NVD link : CVE-2021-43008
Mitre link : CVE-2021-43008
CVE.ORG link : CVE-2021-43008
JSON object : View
Products Affected
debian
- debian_linux
adminer
- adminer
CWE