GHSA-rxfq-3vpc-vv72

Suggest an improvement
Source
https://github.com/advisories/GHSA-rxfq-3vpc-vv72
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-rxfq-3vpc-vv72/GHSA-rxfq-3vpc-vv72.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-rxfq-3vpc-vv72
Aliases
Published
2022-04-06T00:01:33Z
Modified
2024-02-20T05:33:45.550883Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Files or Directories Accessible to External Parties in Adminer
Details

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

Database specific
{
    "nvd_published_at": "2022-04-05T02:15:00Z",
    "cwe_ids": [
        "CWE-552"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-22T20:33:36Z"
}
References

Affected packages

Packagist / vrana/adminer

Package

Name
vrana/adminer
Purl
pkg:composer/vrana/adminer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.12.0
Fixed
4.6.3

Affected versions

v4.*

v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.3.0
v4.3.1
v4.4.0
v4.5.0
v4.6.0
v4.6.1
v4.6.2