CVE-2023-45195 Adminer and AdminerEvo SSRF

2024-06-2421:06:09

CWE-918

cisa-cg

www.cve.org

ssrf

adminerevo

cve-2023-45195

vulnerability

database connection

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y

EPSS

Percentile

9.1%

JSON

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
      "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unknown",
    "product": "Adminer",
    "vendor": "Adminer",
    "versions": [
      {
        "lessThanOrEqual": "*",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*",
        "status": "affected",
        "version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
        "versionType": "cpe"
      }
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unknown",
    "product": "AdminerEvo",
    "repo": "https://github.com/adminerevo/adminerevo",
    "vendor": "AdminerEvo",
    "versions": [
      {
        "lessThan": "4.8.4",
        "status": "affected",
        "version": "4.8.2",
        "versionType": "custom"
      },
      {
        "lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*",
        "status": "affected",
        "version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
        "versionType": "cpe"
      }
    ]
  }
]