The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Adminer

computer vulnerability bulletin CVE-2018-7667

Adminer: information disclosure via SSRF

Synthesis of the vulnerability

An attacker can use a server-side request forgery (SSRF) in Adminer to bypass access restrictions to data and obtain sensitive information.
Impacted products: Adminer, Debian, openSUSE Leap.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 16/01/2018.
Identifiers: CVE-2018-7667, DLA-1311-1, openSUSE-SU-2018:0680-1, VIGILANCE-VUL-25068.

Description of the vulnerability

An attacker can use a server-side request forgery (SSRF) in Adminer to bypass access restrictions to data and obtain sensitive information.

vulnerability note 19764

Adminer: code execution via SQLite queries

Synthesis of the vulnerability

An attacker can use SQLite queries in Adminer to run code.
Impacted products: Adminer.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 02/06/2016.
Identifiers: VIGILANCE-VUL-19764.

Description of the vulnerability

Adminer is a database management tool for MySQL, PostgreSQL, etc.

It also manages the embedded database SQLite. However, some SQLite queries are handled incorrectly, and machine code can be injected into SQLite queries.

An attacker can therefore use SQLite queries in Adminer to run code.