GHSA-Q4F2-39GR-45JH Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Summary Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version parameter which P...

Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Summary Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version parameter which P...

CVE-2026-25892

Summary: Adminer

CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key

No description provided by source. ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access from non-privilege...

No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key

Exploit for php platform in category web applications ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access...

No-CMS 0.6.6 Rev 1 Account Hijack / Remote Command Execution

mcryptexists = functionexists'mcryptencrypt';...

No-CMS 0.6.6 rev 1 - Admin Account Hijacking Remote Code Execution via Static Encryption Key

No-CMS 0.6.6 rev 1 - Admin Account Hijacking Remote Code Execution via Static Encryption Key ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit...