Search for packages
| purl | pkg:composer/vrana/adminer@4.2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5p1u-z3kt-5beu
Aliases: CVE-2021-43008 GHSA-rxfq-3vpc-vv72 |
Files or Directories Accessible to External Parties in Adminer |
Affected by 5 other vulnerabilities. |
|
VCID-5tnq-1pgt-r7h5
Aliases: CVE-2025-43960 GHSA-mqh4-2mm8-g7w9 |
Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention. |
Affected by 1 other vulnerability. |
|
VCID-78j5-x2za-jycs
Aliases: CVE-2021-21311 GHSA-x5r2-hj5c-8jx6 |
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9. |
Affected by 3 other vulnerabilities. |
|
VCID-ag7r-s3jh-bkaz
Aliases: CVE-2018-7667 GHSA-43f8-p5w3-5m25 |
Adminer through 4.3.1 has SSRF via the server parameter. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-p2d1-95dg-hyh9
Aliases: CVE-2020-35572 GHSA-9pgx-gcph-mpqr |
Adminer through 4.7.8 allows XSS via the history parameter to the default URI. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||