CVE-2023-45195

June 24, 2024, 10:15 p.m.

None
No Score

Description

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

Product(s) Impacted

Product Versions
AdminerEvo
  • ['4.8.4']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

https://github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc

Tags

9119a7d8-5eab-497f-8521-727c672e3725
CWE-918
2024-06-24
CVE-2023-45195

Timeline

Published: June 24, 2024, 10:15 p.m.
Last Modified: June 24, 2024, 10:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

9119a7d8-5eab-497f-8521-727c672e3725

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.