CVE-2023-45196: Adminer and AdminerEvo denial of service via HTTP redirect
First published: Mon Jun 24 2024(Updated: )
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
Credit: 9119a7d8-5eab-497f-8521-727c672e3725
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ari-soft Ari Adminer | ||
| Adminer | <4.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-45196?
CVE-2023-45196 is classified as a denial-of-service vulnerability.
How do I fix CVE-2023-45196?
To mitigate CVE-2023-45196, consider disabling unauthenticated access or restricting access to the Adminer and AdminerEvo services.
Who is affected by CVE-2023-45196?
CVE-2023-45196 affects users of Adminer and AdminerEvo versions below 4.8.4.
What does CVE-2023-45196 exploit?
CVE-2023-45196 exploits the PHP configuration limits by causing a denial of service through HTTP redirect responses.
Is Adminer still supported after CVE-2023-45196?
No, Adminer is no longer supported, which may leave users vulnerable to CVE-2023-45196.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- collector/nvd-api
- source/NVD
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adminer
- canonical/ari-soft ari adminer
- vendor/adminerevo
- canonical/adminer