CVE-2021-43008

Published: Apr 5, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

Affected (2)

Products: Adminer: Adminer · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adminer Adminer	From 1.12.0 to 4.6.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

References (10)

https://github.com/vrana/adminer/releases/tag/v4.6.3

Source: cve@mitre.org

Release NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://podalirius.net/en/cves/2021-43008/

Source: cve@mitre.org

ExploitThird Party Advisory

https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.adminer.org/

Source: cve@mitre.org

Product

https://github.com/vrana/adminer/releases/tag/v4.6.3