The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisa-cg
Published: 2024-06-21T14:28:36.476Z
Updated: 2024-06-24T20:27:12.198Z
Reserved: 2023-10-05T03:54:13.664Z
Link: CVE-2023-45197
JSON object: View
NVD Information
Status : Modified
Published: 2024-06-21T15:15:15.647
Modified: 2024-06-24T21:15:25.760
Link: CVE-2023-45197
JSON object: View
Redhat Information
No data.