CVE-2023-45196

EUVD-2023-49503
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
cisa-cgCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
adminerevoadminerevo
𝑥
< 4.8.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
admineradminer
4.8.2 ≤
𝑥
< 4.8.4
CNA
Debian logo
Debian Releases
Debian Product
Codename
adminer
bookworm
no-dsa
bullseye
no-dsa
sid
4.8.1-4
fixed
trixie
4.8.1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adminer
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
not-affected
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6
https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6