CVE-2023-45195

June 24, 2024, 10:15 p.m.

Tags

9119a7d8-5eab-497f-8521-727c672e3725
CWE-918
2024-06-24
CVE-2023-45195

Product(s) Impacted

AdminerEvo

  • 4.8.4

Description

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

Weaknesses

CWE-918
Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CWE ID: 918

Date

Published: June 24, 2024, 10:15 p.m.

Last Modified: June 24, 2024, 10:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

9119a7d8-5eab-497f-8521-727c672e3725

References

https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc
9119a7d8-5eab-497f-8521-727c672e3725