CVE-2021-43008 Information

Description

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting that Adminer connect to a remote MySQL database.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
https://github.com/vrana/adminer/releases/tag/v4.6.3
https://www.adminer.org/
https://podalirius.net/en/cves/2021-43008/
https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
