Vulnerability Details CVE-2021-43008
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.855
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/vrana/adminer/releases/tag/v4.6.3
- https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html
- https://podalirius.net/en/cves/2021-43008/
- https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
- https://www.adminer.org/
- https://github.com/vrana/adminer/releases/tag/v4.6.3
- https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html
- https://podalirius.net/en/cves/2021-43008/
- https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
- https://www.adminer.org/
Products affected by CVE-2021-43008
-
cpe:2.3:a:adminer:adminer:3.0.0
-
cpe:2.3:a:adminer:adminer:3.0.1
-
cpe:2.3:a:adminer:adminer:3.1.0
-
cpe:2.3:a:adminer:adminer:3.2.0
-
cpe:2.3:a:adminer:adminer:3.2.1
-
cpe:2.3:a:adminer:adminer:3.2.2
-
cpe:2.3:a:adminer:adminer:3.3.0
-
cpe:2.3:a:adminer:adminer:3.3.1
-
cpe:2.3:a:adminer:adminer:3.3.2
-
cpe:2.3:a:adminer:adminer:3.3.3
-
cpe:2.3:a:adminer:adminer:3.3.4
-
cpe:2.3:a:adminer:adminer:3.4.0
-
cpe:2.3:a:adminer:adminer:3.5.0
-
cpe:2.3:a:adminer:adminer:3.5.1
-
cpe:2.3:a:adminer:adminer:3.6.0
-
cpe:2.3:a:adminer:adminer:3.6.1
-
cpe:2.3:a:adminer:adminer:3.6.2
-
cpe:2.3:a:adminer:adminer:3.6.3
-
cpe:2.3:a:adminer:adminer:3.6.4
-
cpe:2.3:a:adminer:adminer:3.7.0
-
cpe:2.3:a:adminer:adminer:3.7.1
-
cpe:2.3:a:adminer:adminer:4.0.0
-
cpe:2.3:a:adminer:adminer:4.0.1
-
cpe:2.3:a:adminer:adminer:4.0.2
-
cpe:2.3:a:adminer:adminer:4.0.3
-
cpe:2.3:a:adminer:adminer:4.1.0
-
cpe:2.3:a:adminer:adminer:4.2.0
-
cpe:2.3:a:adminer:adminer:4.2.1
-
cpe:2.3:a:adminer:adminer:4.2.2
-
cpe:2.3:a:adminer:adminer:4.2.3
-
cpe:2.3:a:adminer:adminer:4.2.4
-
cpe:2.3:a:adminer:adminer:4.2.5
-
cpe:2.3:a:adminer:adminer:4.3.0
-
cpe:2.3:a:adminer:adminer:4.3.1
-
cpe:2.3:a:adminer:adminer:4.4.0
-
cpe:2.3:a:adminer:adminer:4.5.0
-
cpe:2.3:a:adminer:adminer:4.6.0
-
cpe:2.3:a:adminer:adminer:4.6.1
-
cpe:2.3:a:adminer:adminer:4.6.2
-
cpe:2.3:o:debian:debian_linux:9.0