CVE-2023-45195 — Server-Side Request Forgery in Adminerevo

CWE-918 — Server-Side Request Forgery4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.3%

top 49.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adminerevo Adminer Debian Adminer

Timeline

PublishedJun 24

Latest updateJun 25

Description

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages5 packages

▶CVEListV5adminerevo/adminerevo4.8.2 — 4.8.4+1

▶NVDadminerevo/adminerevo< 4.8.4

▶debiandebian/adminer< adminer 4.8.1-4 (forky)

▶Debianadminer/adminer< 4.8.1-4+1

▶CVEListV5adminer/adminercpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* — cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-p59q-w6ff-wf6f: Adminer and AdminerEvo are vulnerable to SSRF via database connection fields↗2024-06-25

▶

OSV

CVE-2023-45195: Adminer and AdminerEvo are vulnerable to SSRF via database connection fields↗2024-06-24

▶

📋Vendor Advisories

Debian

CVE-2023-45195: adminer - Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. Th...↗2023

▶