VulnerableCode Package Details - pkg:composer/vrana/adminer@4.7.9

Search for packages

Vulnerability	Summary	Fixed by
VCID-5tnq-1pgt-r7h5 Aliases: CVE-2025-43960 GHSA-mqh4-2mm8-g7w9	Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.	4.8.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-9b7j-199x-5qhk Aliases: CVE-2021-29625 GHSA-2v82-5746-vwqc	Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).	4.8.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xz5e-9xfk-13gq Aliases: CVE-2026-25892 GHSA-q4f2-39gr-45jh		5.4.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5tnq-1pgt-r7h5
Aliases:
CVE-2025-43960
GHSA-mqh4-2mm8-g7w9

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.

4.8.2
Affected by 1 other vulnerability.

VCID-9b7j-199x-5qhk
Aliases:
CVE-2021-29625
GHSA-2v82-5746-vwqc

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).

4.8.1
Affected by 2 other vulnerabilities.

VCID-xz5e-9xfk-13gq
Aliases:
CVE-2026-25892
GHSA-q4f2-39gr-45jh

5.4.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-78j5-x2za-jycs	Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.	CVE-2021-21311 GHSA-x5r2-hj5c-8jx6
VCID-p2d1-95dg-hyh9	Adminer through 4.7.8 allows XSS via the history parameter to the default URI.	CVE-2020-35572 GHSA-9pgx-gcph-mpqr
VCID-uua2-xsrr-47e6	XSS in Adminer Withdrawn: Duplicate of GHSA-9pgx-gcph-mpqr. Adminer before 4.7.9 allows XSS via the history parameter to the default URI.	GHSA-m56g-3g8v-2rxw

Vulnerability

Summary

Aliases

VCID-78j5-x2za-jycs

Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.

CVE-2021-21311
GHSA-x5r2-hj5c-8jx6

VCID-p2d1-95dg-hyh9

Adminer through 4.7.8 allows XSS via the history parameter to the default URI.

CVE-2020-35572
GHSA-9pgx-gcph-mpqr

VCID-uua2-xsrr-47e6

XSS in Adminer **Withdrawn:** Duplicate of GHSA-9pgx-gcph-mpqr. Adminer before 4.7.9 allows XSS via the history parameter to the default URI.

GHSA-m56g-3g8v-2rxw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T20:57:42.195463+00:00	GitLab Importer	Affected by	VCID-xz5e-9xfk-13gq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/vrana/adminer/CVE-2026-25892.yml	38.6.0
2026-06-12T20:11:37.936217+00:00	GitLab Importer	Affected by	VCID-5tnq-1pgt-r7h5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/vrana/adminer/CVE-2025-43960.yml	38.6.0
2026-06-12T17:39:57.022095+00:00	GitLab Importer	Affected by	VCID-9b7j-199x-5qhk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/vrana/adminer/CVE-2021-29625.yml	38.6.0
2026-06-12T17:33:24.958144+00:00	GitLab Importer	Fixing	VCID-78j5-x2za-jycs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/vrana/adminer/CVE-2021-21311.yml	38.6.0
2026-06-12T17:33:20.480631+00:00	GitLab Importer	Fixing	VCID-p2d1-95dg-hyh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/vrana/adminer/CVE-2020-35572.yml	38.6.0
2026-06-12T08:04:05.776303+00:00	GithubOSV Importer	Fixing	VCID-uua2-xsrr-47e6	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-m56g-3g8v-2rxw/GHSA-m56g-3g8v-2rxw.json	38.6.0
2026-06-12T08:04:04.778111+00:00	GithubOSV Importer	Fixing	VCID-p2d1-95dg-hyh9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-9pgx-gcph-mpqr/GHSA-9pgx-gcph-mpqr.json	38.6.0
2026-06-12T08:04:04.029254+00:00	GithubOSV Importer	Fixing	VCID-78j5-x2za-jycs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-x5r2-hj5c-8jx6/GHSA-x5r2-hj5c-8jx6.json	38.6.0