CVE-2020-35572
https://notcve.org/view.php?id=CVE-2020-35572
Adminer through 4.7.8 allows XSS via the history parameter to the default URI. • https://sourceforge.net/p/adminer/bugs-and-features/775 https://sourceforge.net/p/adminer/news • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7667
https://notcve.org/view.php?id=CVE-2018-7667
Adminer through 4.3.1 has SSRF via the server parameter. • http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt https://lists.debian.org/debian-lts-announce/2018/03/msg00014.html • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2017-20066 – Adminer Login access control
https://notcve.org/view.php?id=CVE-2017-20066
A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • http://seclists.org/fulldisclosure/2017/Feb/96 https://sumofpwn.nl/advisory/2016/wordpress_adminer_plugin_allows_public__local__database_login.html https://vuldb.com/?id.97384 • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization