Lucene search
K

263 matches found

Veracode
Veracode
added 2022/04/06 2:7 p.m.29 views

Arbitrary File Disclosure Via Password Leakage

vrana/adminer is vulnerable to arbitrary file disclosure. The vulnerability exists because the user credential requests when connecting to the database are not properly validated which allows an attacker to send requests to establish a database connection and arbitrarily read files on the server...

7.5CVSS3.2AI score0.13641EPSS
Exploits4References8Affected Software2
Github Security Blog
Github Security Blog
added 2022/04/06 12:1 a.m.38 views

Files or Directories Accessible to External Parties in Adminer

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...

7.5CVSS8AI score0.13641EPSS
Exploits4References7Affected Software1
OSV
OSV
added 2022/04/06 12:1 a.m.32 views

GHSA-RXFQ-3VPC-VV72 Files or Directories Accessible to External Parties in Adminer

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...

7.5CVSS7.3AI score0.13641EPSS
Exploits4References7
OpenVAS
OpenVAS
added 2022/04/06 12:0 a.m.20 views

Adminer 1.12.0 - 4.6.2 Information Disclosure Vulnerability

Adminer is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adminer:adminer";...

7.5CVSS7.3AI score0.13641EPSS
Exploits4References3
NVD
NVD
added 2022/04/05 2:15 a.m.17 views

CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...

7.5CVSS0.13641EPSS
Exploits4References5
OSV
OSV
added 2022/04/05 2:15 a.m.20 views

CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...

7.5CVSS6.6AI score
Exploits0References5
OSV
OSV
added 2022/04/05 2:15 a.m.1 views

DEBIAN-CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...

7.5CVSS7.4AI score0.13641EPSS
Exploits4References1
UbuntuCve
UbuntuCve
added 2022/04/05 2:15 a.m.56 views

CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...

7.5CVSS7.1AI score0.13641EPSS
Exploits4References5
Prion
Prion
added 2022/04/05 2:15 a.m.28 views

Improper access control

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...

5CVSS7.3AI score0.13641EPSS
Exploits4References5Affected Software2
OSV
OSV
added 2022/04/05 2:15 a.m.1 views

UBUNTU-CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...

7.5CVSS5.8AI score0.13641EPSS
Exploits4References6
Cvelist
Cvelist
added 2022/04/05 1:46 a.m.34 views

CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...

7.5AI score0.13641EPSS
Exploits4References5
CVE
CVE
added 2022/04/05 1:46 a.m.176 views

CVE-2021-43008

The CVE-2021-43008 vulnerability affects Adminer ≤ 4.6.2, where improper access control allows an attacker-controlled remote MySQL server to trigger Adminer to read a local file via LOAD DATA LOCAL INFILE, exposing sensitive files (e.g., /etc/passwd). The issue can enable Arbitrary File Read on t...

7.5CVSS7.2AI score0.13641EPSS
Exploits4References5Affected Software1
Debian CVE
Debian CVE
added 2022/04/05 1:46 a.m.48 views

CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...

7.5CVSS7.4AI score0.13641EPSS
Exploits4
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.3 views

SOURCEFORGE Adminer安全漏洞

SOURCEFORGE Adminer is an application from the American SOURCEFORGE community. It provides database management in a single PHP file. A security vulnerability exists in Adminer version 4.6.2 and prior versions that stems from the presence of improper access control. An attacker can exploit the...

7.5CVSS7.5AI score0.13641EPSS
Exploits4References11
Positive Technologies
Positive Technologies
added 2022/03/24 12:0 a.m.5 views

PT-2022-11760 · Adminer · Adminer

Name of the Vulnerable Software and Affected Versions: Adminer versions 1.12.0 through 4.6.2 Description: The issue allows an attacker to achieve arbitrary file read on a remote server by requesting Adminer to connect to a remote MySQL database, due to improper access control. Recommendations: Fo...

7.5CVSS7.3AI score0.13641EPSS
Exploits4References23
Github Security Blog
Github Security Blog
added 2022/03/18 5:49 p.m.26 views

XSS in doc_link

Impact Users of MySQL, MariaDB, PgSQL and SQLite are affected. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo extension to communicate with the database it is used if the native extensions are not enabled. In browsers without...

7.5CVSS0.8AI score0.09572EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/03/18 5:49 p.m.23 views

GHSA-2V82-5746-VWQC XSS in doc_link

Impact Users of MySQL, MariaDB, PgSQL and SQLite are affected. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo extension to communicate with the database it is used if the native extensions are not enabled. In browsers without...

7.5CVSS6.5AI score0.09572EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2022/02/14 6:54 p.m.7 views

Exploit for Server-Side Request Forgery in Adminer

CVE-2021-21311 Adminer is an open-source database managem...

7.2CVSS6.9AI score0.90461EPSS
Exploits3
GithubExploit
GithubExploit
added 2021/12/13 5:26 p.m.833 views

Exploit for CVE-2021-43008

CVE-2021-43008 - AdminerRead Exploit tool for Adminer 1...

7.5CVSS7.5AI score0.13641EPSS
Exploits4
NVD
NVD
added 2021/09/15 2:15 p.m.29 views

CVE-2020-19156

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

5.4CVSS0.00825EPSS
Exploits1References1
Rows per page
Query Builder