CVE-2023-45196 — Uncontrolled Resource Consumption in Adminerevo

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.4%

top 41.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adminerevo Adminer Debian Adminer

Timeline

PublishedJun 24

Description

Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages5 packages

▶CVEListV5adminerevo/adminerevo4.8.2 — 4.8.4+1

▶NVDadminerevo/adminerevo< 4.8.4

▶debiandebian/adminer< adminer 4.8.1-4 (forky)

▶Debianadminer/adminer< 4.8.1-4+1

▶CVEListV5adminer/adminercpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* — cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-2fjv-ffr6-wh68: Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that resp↗2024-06-24

▶

OSV

CVE-2023-45196: Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that resp↗2024-06-24

▶

📋Vendor Advisories

Debian

CVE-2023-45196: adminer - Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denia...↗2023

▶