CVE-2023-45195

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
SSRF
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | UNKNOWN | ---
cisa-cg | CNA | --- | ---
CISA-ADP | ADP | --- | ---
CVE | ADP | --- | ---
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score percentile: 62%
Debian Releases
Product | Codename | Status
adminer | bullseye | no-dsa
adminer | bookworm | no-dsa
adminer | sid | 4.8.1-4 fixed
adminer | trixie | 4.8.1-4 fixed
Ubuntu Releases
Product | Codename | Status
adminer | oracular | needs-triage
adminer | noble | needed
adminer | mantic | ignored
adminer | jammy | needed
adminer | focal | needed
adminer | bionic | needed
adminer | xenial | needed