Vulnerability Details : CVE-2021-43008
Potential exploit
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting that Adminer connect to a remote MySQL database.
Products affected by CVE-2021-43008
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-43008
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile: the proportion of vulnerabilities that are scored at or below this value
CVSS scores for CVE-2021-43008
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
References for CVE-2021-43008
- https://www.adminer.org/ : Adminer - Database management in a single PHP file (Product)
- https://github.com/vrana/adminer/releases/tag/v4.6.3 : Release v4.6.3 · vrana/adminer · GitHub (Release Notes; Third Party Advisory)
- https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability : PHP tool 'Adminer' leaks passwords – Sansec (Exploit; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html : [SECURITY] [DLA 3002-1] adminer security update (Mailing List; Third Party Advisory)
- https://podalirius.net/en/cves/2021-43008/ : CVE-2021-43008 - Adminer - Arbitrary file read · Podalirius (Exploit; Third Party Advisory)