| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
| CVE-2026-25892 | 9 Feb 202621:26 | – | attackerkb | |
| CVE-2026-25892 | 8 Feb 202615:45 | – | circl | |
| Adminer 输入验证错误漏洞 | 9 Feb 202600:00 | – | cnnvd | |
| CVE-2026-25892 | 9 Feb 202621:26 | – | cve | |
| CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint | 9 Feb 202621:26 | – | cvelist | |
| CVE-2026-25892 | 9 Feb 202621:26 | – | debiancve | |
| Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint | 10 Feb 202600:25 | – | github | |
| CVE-2026-25892 | 9 Feb 202622:16 | – | nvd | |
| CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint | 9 Feb 202621:26 | – | osv | |
| GHSA-Q4F2-39GR-45JH Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint | 10 Feb 202600:25 | – | osv |
id: CVE-2026-25892
info:
name: Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent DoS
author: DhiyaneshDk
severity: high
description: |
Adminer <= 5.4.1 contains a denial of service caused by lack of origin validation in version check endpoint, letting attackers trigger server errors via crafted POST requests, exploit requires no special privileges.
impact: |
Attackers can cause server errors resulting in denial of service for all users.
remediation: Upgrade to Adminer 5.4.2 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
cwe-id: CWE-20
epss-score: 0.01586
epss-percentile: 0.72629
reference:
- https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh
- https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3
metadata:
verified: true
max-request: 3
vendor: adminer
product: adminer
fofa-query: 'title="Adminer" || body="Adminer"'
shodan-query: 'http.title:"Adminer"'
tags: cve,cve2026,adminer,passive
http:
- method: GET
path:
- '{{BaseURL}}/adminer.php'
- '{{BaseURL}}/editor.php'
- '{{BaseURL}}/adminer/'
headers:
Accept-Language: en-US,en;q=0.5
stop-at-first-match: true
redirects: true
extractors:
- type: regex
name: version
part: body
group: 1
regex:
- '<span class="version">([0-9.]+)'
- 'amp;version=([0-9.]+)'
matchers-condition: and
matchers:
- type: word
words:
- "Adminer</title>"
- "Adminer</a>"
condition: or
- type: status
status:
- 200
- type: dsl
dsl:
- 'compare_versions(version, ">=4.6.2", "<=5.4.1")'
# digest: 4b0a00483046022100da3c151c8c2328a7e3fbe010092e241a7c5b03f9dde5c97ca27fdc5653ad1799022100d8f5eb348af7faa8b1ad39d5a97e93220c077c97676ca68050e2250acbf56933:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation