CVE-2021-43008

Sažetak

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

Reference

https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
https://github.com/vrana/adminer/releases/tag/v4.6.3
https://www.adminer.org/
https://podalirius.net/en/cves/2021-43008/
https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

30-09-2022 - 13:03

Objavljeno

05-04-2022 - 02:15