CVE-2023-45196
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y
Summary
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adminer | Adminer | 0 <= * | affected |
| Adminer | Adminer | cpe:2.3:a:adminer:adminer:0:*:*:*:*:*:*:* <= cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* | affected |
| AdminerEvo | AdminerEvo | 4.8.2 < 4.8.4 | affected |
| AdminerEvo | AdminerEvo | cpe:2.3:a:adminerevo:adminerevo:0:*:*:*:*:*:*:* < cpe:2.3:a:adminerevo:adminerevo:4.8.4:*:*:*:*:*:*:* | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.