CVE-2023-45196

Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cisa-cgCNA
---
---
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
adminerevoadminerevo
𝑥
< 4.8.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
adminer
bullseye
no-dsa
bookworm
no-dsa
sid
4.8.1-4
fixed
trixie
4.8.1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adminer
oracular
not-affected
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6
https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6