Lucene search
K

Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent DoS

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 18 Views

Adminer 4.6.2–5.4.1 unauthenticated DoS via version check; upgrade to 5.4.2 or later.

Related
Refs
Code
id: CVE-2026-25892

info:
  name: Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent DoS
  author: DhiyaneshDk
  severity: high
  description: |
    Adminer <= 5.4.1 contains a denial of service caused by lack of origin validation in version check endpoint, letting attackers trigger server errors via crafted POST requests, exploit requires no special privileges.
  impact: |
    Attackers can cause server errors resulting in denial of service for all users.
  remediation: Upgrade to Adminer 5.4.2 or later.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cwe-id: CWE-20
    epss-score: 0.01586
    epss-percentile: 0.72629
  reference:
    - https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh
    - https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3
  metadata:
    verified: true
    max-request: 3
    vendor: adminer
    product: adminer
    fofa-query: 'title="Adminer" || body="Adminer"'
    shodan-query: 'http.title:"Adminer"'
  tags: cve,cve2026,adminer,passive

http:
  - method: GET
    path:
      - '{{BaseURL}}/adminer.php'
      - '{{BaseURL}}/editor.php'
      - '{{BaseURL}}/adminer/'

    headers:
      Accept-Language: en-US,en;q=0.5
    stop-at-first-match: true

    redirects: true

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - '<span class="version">([0-9.]+)'
          - 'amp;version=([0-9.]+)'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Adminer</title>"
          - "Adminer</a>"
        condition: or

      - type: status
        status:
          - 200

      - type: dsl
        dsl:
          - 'compare_versions(version, ">=4.6.2", "<=5.4.1")'
# digest: 4b0a00483046022100da3c151c8c2328a7e3fbe010092e241a7c5b03f9dde5c97ca27fdc5653ad1799022100d8f5eb348af7faa8b1ad39d5a97e93220c077c97676ca68050e2250acbf56933:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Feb 2026 21:07Current
6Medium risk
Vulners AI Score6
CVSS 3.17.5
EPSS0.01586
SSVC
18