CVE-2021-43008
HIGH7.5EPSS 84.7%adminer - security update
Published: 4/6/2022Modified: 4/28/2026
Description
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
Affected packages (3)
- Debian/adminerfrom 0, < 4.6.3-1
- Debian/adminerfrom 0, < 4.2.5-3+deb9u3
- Packagist/vrana/adminer>= 1.12.0, < 4.6.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-43008
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-43008
- PATCHhttps://github.com/vrana/adminer
- WEBhttps://github.com/vrana/adminer/releases/tag/v4.6.3
- WEBhttps://lists.debian.org/debian-lts-announce/2022/05/msg00012.html
- WEBhttps://podalirius.net/en/cves/2021-43008
- WEBhttps://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
- WEBhttps://www.adminer.org