CVE-2021-43008

HIGH LAB

Adminer <4.6.2 - Info Disclosure

Title source: llm

Description

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

Exploits (3)

nomisec WORKING POC 88 stars
by p0dalirius · poc
https://github.com/p0dalirius/CVE-2021-43008-AdminerRead

nomisec WORKING POC
by Bamolitho · poc
https://github.com/Bamolitho/adminer_CVE-2021-43008

nomisec WORKING POC
by DaturaSaturated · poc
https://github.com/DaturaSaturated/Adminer-CVE-2021-43008

Scores

CVSS v3: 7.5
EPSS: 0.8347
EPSS Percentile: 99.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status: published
Products (3):
adminer/adminer 1.12.0 - 4.6.2
debian/debian_linux 9.0
vrana/adminer 1.12.0 - 4.6.3 (Packagist)
Published: Apr 05, 2022
Tracked Since: Feb 18, 2026