Vulnerability Description
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting that Adminer connect to a remote MySQL database.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adminer | Adminer | >= 1.12.0, <= 4.6.2 |
| Debian | Debian Linux | 9.0 |
References
- https://github.com/vrana/adminer/releases/tag/v4.6.3 (Release Notes, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html (Mailing List, Third Party Advisory)
- https://podalirius.net/en/cves/2021-43008/ (Exploit, Third Party Advisory)
- https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability (Exploit, Third Party Advisory)
- https://www.adminer.org/ (Product)
FAQ
What is CVE-2021-43008?
CVE-2021-43008 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a re...
How severe is CVE-2021-43008?
CVE-2021-43008 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-43008?
Check the references section above for vendor advisories and patch information. Affected products include: Adminer Adminer, Debian Debian Linux.