CVE-2021-43008

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability", "name": "https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/vrana/adminer/releases/tag/v4.6.3", "name": "https://github.com/vrana/adminer/releases/tag/v4.6.3", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.adminer.org/", "name": "https://www.adminer.org/", "tags": ["Product"], "refsource": "MISC"}, {"url": "https://podalirius.net/en/cves/2021-43008/", "name": "https://podalirius.net/en/cves/2021-43008/", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html", "name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3002-1] adminer security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-43008", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2022-04-05T02:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.6.2", "versionStartIncluding": "1.12.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-09-30T13:03Z"}