Lucene search
K

10 matches found

Github Security Blog
Github Security Blog
added 2026/02/10 12:25 a.m.14 views

Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Summary Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version parameter which P...

7.5CVSS5.7AI score0.01586EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/10 12:25 a.m.5 views

GHSA-Q4F2-39GR-45JH Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Summary Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version parameter which P...

7.5CVSS5.7AI score0.01586EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/09 9:26 p.m.2 views

CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

7.5CVSS5.6AI score0.01586EPSS
Exploits1References3
CVE
CVE
added 2026/02/09 9:26 p.m.29 views

CVE-2026-25892

Summary: Adminer

7.5CVSS5.6AI score0.01586EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/09 9:26 p.m.32 views

CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

7.5CVSS0.01586EPSS
Exploits1References3
OSV
OSV
added 2026/02/09 9:26 p.m.6 views

CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

7.5CVSS5.7AI score0.01586EPSS
Exploits1References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key

No description provided by source. ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access from non-privilege...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/04/23 12:0 a.m.39 views

No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key

Exploit for php platform in category web applications ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/04/22 12:0 a.m.56 views

No-CMS 0.6.6 Rev 1 Account Hijack / Remote Command Execution

mcryptexists = functionexists'mcryptencrypt';...

0.7AI score
Exploits0
exploitpack
exploitpack
added 2014/04/22 12:0 a.m.22 views

No-CMS 0.6.6 rev 1 - Admin Account Hijacking Remote Code Execution via Static Encryption Key

No-CMS 0.6.6 rev 1 - Admin Account Hijacking Remote Code Execution via Static Encryption Key ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit...

1.5AI score
Exploits0
Rows per page
Query Builder