| Package | adminer |
|---|---|
| Version | 4.7.1-1+deb10u2 (buster) |
| Related CVEs | CVE-2023-45195 CVE-2023-45196 |

Multiple vulnerabilities were found in adminer, a web-based database administration tool.

- CVE-2023-45195: Adminer is vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to.
- CVE-2023-45196: Adminer allows an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits.

For Debian 10 buster, these problems have been fixed in version 4.7.1-1+deb10u2.
We recommend that you upgrade your adminer packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.