CVE-2023-45195

2024-06-2422:15:10

CWE-918

cisa-cg

web.nvd.nist.gov

adminer

adminerevo

ssrf

vulnerability

fixed

version 4.8.4

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.1%

JSON

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
      "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unknown",
    "product": "Adminer",
    "vendor": "Adminer",
    "versions": [
      {
        "lessThanOrEqual": "*",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
        "status": "affected",
        "version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
        "versionType": "cpe"
      }
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unknown",
    "product": "AdminerEvo",
    "repo": "https://github.com/adminerevo/adminerevo",
    "vendor": "AdminerEvo",
    "versions": [
      {
        "lessThan": "4.8.4",
        "status": "affected",
        "version": "4.8.2",
        "versionType": "custom"
      },
      {
        "lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*",
        "status": "affected",
        "version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
        "versionType": "cpe"
      }
    ]
  }
]