The vulnerability is explicitly tied to adminer.php, a database management tool. XSS vulnerabilities in Adminer typically occur when user-supplied parameters (such as server names, database names, or error messages) are reflected in output without proper HTML encoding. Because the advisory specifies adminer.php as the vector and no patch is available, this indicates that the core Adminer implementation bundled with Subrion CMS lacks proper output sanitization. The Adminer::output method (or equivalent output-generation logic) is a prime candidate, as it would handle dynamic content rendering.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| intelliants/subrion | composer | <= 4.2.1 | |