CVE-2021-43008: Files or Directories Accessible to External Parties

April 5, 2022 (updated September 30, 2022)

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

References

github.com/vrana/adminer/releases/tag/v4.6.3
nvd.nist.gov/vuln/detail/CVE-2021-43008
podalirius.net/en/cves/2021-43008/
sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
www.adminer.org/

Detect and mitigate CVE-2021-43008 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →