CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45195 – Adminer and AdminerEvo SSRF
https://notcve.org/view.php?id=CVE-2023-45195
24 Jun 2024 — Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4. Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. • https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45196 – Adminer and AdminerEvo denial of service via HTTP redirect
https://notcve.org/view.php?id=CVE-2023-45196
24 Jun 2024 — Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4. Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial o... • https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45197 – Adminer and AdminerEvo vulnerable to directory traversal and file upload
https://notcve.org/view.php?id=CVE-2023-45197
21 Jun 2024 — The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3. El complemento de carga de archivos en Adminer y AdminerEvo permite a un atacante cargar un archivo con un nombre de tabla "..." en la raíz del directorio de Adminer. El atacante puede adivinar ef... • https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •