CVE-2023-45197
Adminer and AdminerEvo vulnerable to directory traversal and file uploadThe file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3.
We have discovered 391 live websites that are affected by CVE-2023-45197.
Affected Software
| Product |  Adminer |
| Category | Database Managers |
| Vulnerable Domains | 391 live websites (82% of Adminer install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 24 versions ( 67% of all versions) |
Common Weakness Enumeration
CWE-434 Unrestricted Upload of File with Dangerous TypeDetails
- Published - Jun 21, 2024
- Updated - Aug 2, 2024
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-45197 United States | 116 websites |
 Czech Republic | 92 websites |
 Germany | 59 websites |
 France | 20 websites |
 Russia | 17 websites |
 Netherlands | 10 websites |
 Singapore | 10 websites |
 China | 8 websites |
 Slovakia | 7 websites |
 Lithuania | 6 websites |
Website Distribution by TLD
Number of websites using CVE-2023-45197| .com | 137 websites |
| .cz | 86 websites |
| .ru | 17 websites |
| .net | 16 websites |
| .org | 14 websites |
| .de | 13 websites |
| .eu | 10 websites |
| .nl | 7 websites |
| .io | 6 websites |
| .fr | 6 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-45197
Top websites that are affected by CVE-2023-45197. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.********.com | Czech Republic | **,*** | |
| ******.***.pl |  Poland | ***,*** | |
| *******.pl | Poland | ***,*** | |
| ****.*****.com | United States | ***,*** | |
| *********.com | Germany | ***,*** | |
| **************.ru | Russia | ***,*** | |
| ***.*********.com | United States | ***,*** | |
| ***********.************.com | United States | ***,*** | |
| ******.*************.cz | Czech Republic | ***,*** | |
| *******.***.cn | China | ***,*** |
FAQ
CVE-2023-45197 is Unrestricted Upload of File with Dangerous Type in Adminer
A total of 391 websites have been identified as vulnerable to CVE-2023-45197, based on global website indexing conducted by WebTechSurvey.
The Adminer is affected by the CVE-2023-45197 vulnerability.
Adminer versions up to and including 4.8.3 are vulnerable to CVE-2023-45197.