CVE-2021-43008 — Files or Directories Accessible to External Parties in Adminer

CWE-552 — Files or Directories Accessible to External Parties6 documents5 sources

Severity

7.5HIGHNVD

EPSS

83.5%

top 0.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adminer Vrana Adminer Debian Adminer +1 more

Timeline

PublishedApr 5

Latest updateMay 10

Description

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Packagistvrana/adminer1.12.0 — 4.6.3

▶debiandebian/adminer< adminer 4.6.3-1 (bookworm)

▶Debianadminer/adminer< 4.6.3-1+3

▶NVDadminer/adminer1.12.0 — 4.6.2

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

Files or Directories Accessible to External Parties in Adminer↗2022-04-06

▶

OSV

Files or Directories Accessible to External Parties in Adminer↗2022-04-06

▶

OSV

CVE-2021-43008: Improper Access Control in Adminer versions 1↗2022-04-05

▶

📋Vendor Advisories

CISA ICS

Adminer in Industrial Products↗2022-05-10

▶

Debian

CVE-2021-43008: adminer - Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4....↗2021

▶