CVE-2023-45197: Adminer and AdminerEvo vulnerable to directory traversal and file upload
First published: Fri Jun 21 2024(Updated: )
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.
Credit: 9119a7d8-5eab-497f-8521-727c672e3725
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adminer | <4.8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-45197?
CVE-2023-45197 is considered to have a high severity due to its potential for unauthorized file execution.
How do I fix CVE-2023-45197?
To fix CVE-2023-45197, update to AdminerEvo version 4.8.3 or later where the vulnerability has been patched.
What does CVE-2023-45197 affect?
CVE-2023-45197 affects the file upload functionality in Adminer and AdminerEvo prior to version 4.8.3.
Can CVE-2023-45197 be exploited remotely?
Yes, CVE-2023-45197 can be exploited remotely if an attacker gains access to the file upload feature.
Is Adminer still supported in light of CVE-2023-45197?
Adminer is no longer officially supported, but vulnerabilities like CVE-2023-45197 have patch releases in newer forks like AdminerEvo.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/references
- agent/title
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adminerevo
- canonical/adminer