6 matches found
Improper Validation of Specified Type of Input
Overview: vrana/adminer is a database management tool in a single file. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the ?script=version endpoint, which does not properly validate the origin of incoming POST data. An attacker can cause a...
File Disclosure
vrana/adminer is vulnerable to File Disclosure. This vulnerability is due to insufficient input validation, allowing unauthorized access to sensitive files within the application's directory...
Arbitrary File Disclosure Via Password Leakage
vrana/adminer is vulnerable to arbitrary file disclosure. The vulnerability exists because the user credential requests made when connecting to the database are not properly validated, which allows an attacker to send requests to establish a database connection and arbitrarily read files on the server...
Cross-Site Scripting (XSS)
vrana/adminer is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to an unsanitized history parameter, allowing an attacker to inject malicious JavaScript code...
Server-Side Request Forgery (SSRF)
vrana/adminer is vulnerable to server-side request forgery (SSRF). An attacker is able to submit requests on behalf of the server via the error page of Elasticsearch and ClickHouse...
Server-Side Request Forgery (SSRF)
vrana/adminer is vulnerable to server-side request forgery (SSRF). An attacker is able to connect to privileged ports and submit requests on behalf of the server...