CVE-2023-45195 Adminer and AdminerEvo SSRF

2024-06-2421:06:09

CWE-918

cisa-cg

github.com

cve-2023-45195

ssrf

adminerevo

6.9 Medium

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
      "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
    ],
    "vendor": "Adminer",
    "product": "Adminer",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      },
      {
        "status": "affected",
        "version": "cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:*",
        "versionType": "cpe",
        "lessThanOrEqual": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:adminerevo:adminerevo:4.8.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*"
    ],
    "repo": "https://github.com/adminerevo/adminerevo",
    "vendor": "AdminerEvo",
    "product": "AdminerEvo",
    "versions": [
      {
        "status": "affected",
        "version": "4.8.2",
        "lessThan": "4.8.4",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:*",
        "lessThan": "cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:*",
        "versionType": "cpe"
      }
    ],
    "defaultStatus": "unknown"
  }
]