Lucene search

Adminer Security Vulnerabilities

cve

CVE-2018-7667

Adminer through 4.3.1 has SSRF via the server parameter.

9.8CVSS

9.3AI Score

0.007EPSS

2018-03-05 07:29 AM

cve

CVE-2020-35186

The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

9.8CVSS

9.5AI Score

0.007EPSS

2020-12-17 02:15 AM

cve

CVE-2020-35572

Adminer through 4.7.8 allows XSS via the history parameter to the default URI.

6.1CVSS

5.8AI Score

0.001EPSS

2021-02-09 06:15 PM

cve

CVE-2021-21311

Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. adminer.php) are affected. This is fixed in version 4.7.9.

7.2CVSS

6.7AI Score

0.021EPSS

2021-02-11 09:15 PM

128

cve

CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo_ ext...

7.5CVSS

5.7AI Score

0.002EPSS

2021-05-19 10:15 PM

cve

CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

7.5CVSS

7.2AI Score

0.002EPSS

2022-04-05 02:15 AM

102