CVE-2023-45196

HIGH

AdminerEvo < 4.8.4 - Unauthenticated Denial of Service via HTTP Redirect Handling

Title source: llm

Description

Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

References (1)

Core 1

Core References

Patch patch

https://github.com/adminerevo/adminerevo/pull/102/commits/23e7cdc0a32b3739e13d19ae504be0fe215142b6

Scores

CVSS v3 7.5

EPSS 0.0059

EPSS Percentile 43.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (1)

adminerevo/adminerevo < 4.8.4

Published Jun 24, 2024

Tracked Since Feb 18, 2026