CVE-2021-43008
adminer - security update
CVSS 3.1: 7.5 (HIGH)
EPSS: 84.7%
Description
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
How to fix CVE-2021-43008
To remediate CVE-2021-43008, upgrade the affected package to one of the fixed versions listed below.
- Debian/adminer—upgrade to 4.6.3-1 or later
- —upgrade to 4.2.5-3+deb9u3 or later
- —upgrade to 4.6.3 or later
Is CVE-2021-43008 being exploited?
Likely — EPSS is 84.7%, placing CVE-2021-43008 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (3)
- from 0, < 4.6.3-1
- from 0, < 4.2.5-3+deb9u3
- >= 1.12.0, < 4.6.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |