7.8
CVE-2017-20066
- EPSS 0.4%
- Published 20.06.2022 20:15:07
- Last modified 21.11.2024 03:22:33
- Source cna@vuldb.com
Adminer Login access control
Adminer <= 1.4.5 - Security Bypass to Database Login
A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Possible mitigation
adminer: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Data provided by the National Vulnerability Database (NVD)
Adminer Login Project ≫ Adminer Login, Version 1.4.4, SwPlatform wordpress
Further vulnerability information
System: WordPress Plugin ≫ Product: adminer, Version: *-1.4.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.317 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 4.6 | 3.9 | 6.4 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| cna@vuldb.com | 5.3 | 1.8 | 3.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
http://seclists.org/fulldisclosure/2017/Feb/96
https://sumofpwn.nl/advisory/2016/wordpress_adminer_plugin_allows_public__local__database_login.html
https://vuldb.com/?id.97384
https://www.wordfence.com/threat-intel/vulnerabilities/id/109b4947-f690-4158-9e6a-00f2005a6938