CVE-2023-45195

EUVD-2023-49502
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
cisa-cgCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
adminerevoadminerevo
𝑥
< 4.8.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
admineradminer
4.8.2 ≤
𝑥
< 4.8.4
CNA
Debian logo
Debian Releases
Debian Product
Codename
adminer
bookworm
no-dsa
bullseye
no-dsa
sid
4.8.1-4
fixed
trixie
4.8.1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adminer
bionic
needed
focal
needed
jammy
needed
mantic
ignored
noble
needed
oracular
needs-triage
xenial
needed
Common Weakness Enumeration
References
https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc
https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc