4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
62.0%
Users of MySQL, MariaDB, PgSQL and SQLite are affected. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo_
extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected.
Patched by 4043092, included in version 4.8.1.
Do both:
mysqli
) or disable displaying PHP errors (display_errors
).https://sourceforge.net/p/adminer/bugs-and-features/797/
If you have any questions or comments about this advisory:
CPE | Name | Operator | Version |
---|---|---|---|
vrana/adminer | lt | 4.8.1 |
github.com/advisories/GHSA-2v82-5746-vwqc
github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7
github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc
nvd.nist.gov/vuln/detail/CVE-2021-29625
packagist.org/packages/vrana/adminer
sourceforge.net/p/adminer/bugs-and-features/797/
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
62.0%