Lucene search
Veracode Vulnerability DatabaseVERACODE:34993HistoryApr 06, 2022 - 2:07 p.m.
Arbitrary File Disclosure Via Password Leakage
2022-04-0614:07:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
0.002 Low
EPSS
Percentile
55.9%
vrana/adminer is vulnerable to arbitrary file disclosure. The vulnerability exists because the user credential requests when connecting to the database are not properly validated which allows an attacker to send requests to establish a database connection and arbitrarily read files on the server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vrana/adminer | le | v4.6.2 | |
| adminer:stretch | eq | 4.2.5-3+deb9u1 | |
| vrana/adminer | le | v4.6.2 | |
| adminer:stretch | eq | 4.2.5-3+deb9u1 |
References
github.com/advisories/GHSA-rxfq-3vpc-vv72
github.com/p0dalirius/CVE-2021-43008-AdminerRead
github.com/vrana/adminer/commit/60d1b7b3b4d21cf4428decd9b674a1b5b5495373
github.com/vrana/adminer/releases/tag/v4.6.3
lists.debian.org/debian-lts-announce/2022/05/msg00012.html
podalirius.net/en/cves/2021-43008/
sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
www.adminer.org/
Related
nessus
nessus
Debian DLA-3002-1 : adminer - LTS security update
2022-05-14 00:00:00
osv
osv
adminer - security update
2022-05-13 00:00:00
CVE-2021-43008
2022-04-05 02:15:06
Files or Directories Accessible to External Parties in Adminer
2022-04-06 00:01:33
ubuntucve
ubuntucve
CVE-2021-43008
2022-04-05 00:00:00
cvelist
cvelist
CVE-2021-43008
2022-04-05 01:46:09
cve
cve
CVE-2021-43008
2022-04-05 02:15:06
github
github
Files or Directories Accessible to External Parties in Adminer
2022-04-06 00:01:33
prion
prion
Improper access control
2022-04-05 02:15:00
openvas
openvas
Debian: Security Advisory (DLA-3002-1)
2022-05-14 00:00:00
Adminer 1.12.0 - 4.6.2 Information Disclosure Vulnerability
2022-04-06 00:00:00
nvd
nvd
CVE-2021-43008
2022-04-05 02:15:06
ics
ics
Adminer in Industrial Products
2022-05-10 12:00:00
debian
debian
[SECURITY] [DLA 3002-1] adminer security update
2022-05-13 17:07:00
githubexploit
githubexploit
Exploit for CVE-2021-43008
2022-05-10 16:00:50
Exploit for CVE-2021-43008
2021-12-13 17:26:49
debiancve
debiancve
CVE-2021-43008
2022-04-05 02:15:06