vrana/adminer is vulnerable to arbitrary file disclosure. The user credential requests made when connecting to a database are not properly validated, which allows an attacker to send requests that establish a database connection and read arbitrary files on the server.
CPE

Name | Operator | Version
---|---|---
vrana/adminer | le | v4.6.2
adminer:stretch | eq | 4.2.5-3+deb9u1
github.com/advisories/GHSA-rxfq-3vpc-vv72
github.com/p0dalirius/CVE-2021-43008-AdminerRead
github.com/vrana/adminer/commit/60d1b7b3b4d21cf4428decd9b674a1b5b5495373
github.com/vrana/adminer/releases/tag/v4.6.3
lists.debian.org/debian-lts-announce/2022/05/msg00012.html
podalirius.net/en/cves/2021-43008/
sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
www.adminer.org/