CVE-2021-4259

A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/erikdubbelboer/phpRedisAdmin/commit/31aa7661e6db6f4dffbf9a635817832a0a11c7d9	Patch Third Party Advisory
https://github.com/erikdubbelboer/phpRedisAdmin/releases/tag/v1.16.2	Release Notes Third Party Advisory
https://vuldb.com/?id.216267	Permissions Required Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpredisadmin_project:phpredisadmin:*:*:*:*:*:*:*:*

History

29 Feb 2024, 01:33

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en phpRedisAdmin hasta 1.16.1. Ha sido clasificada como problemática. Esto afecta la función authHttpDigest del archivo include/login.inc.php. La manipulación del argumento response conduce al uso de un operador incorrecto en la comparación de cadenas. La actualización a la versión 1.16.2 puede solucionar este problema. El nombre del parche es 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-216267.

Information

Published : 2022-12-19 14:15

Updated : 2024-05-17 02:03

NVD link : CVE-2021-4259

Mitre link : CVE-2021-4259

CVE.ORG link : CVE-2021-4259

JSON object : View

Products Affected

phpredisadmin_project

phpredisadmin

CWE

CWE-597

Use of Wrong Operator in String Comparison

{"id": "CVE-2021-4259", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.6}]}, "published": "2022-12-19T14:15:10.497", "references": [{"url": "https://github.com/erikdubbelboer/phpRedisAdmin/commit/31aa7661e6db6f4dffbf9a635817832a0a11c7d9", "tags": ["Patch", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://github.com/erikdubbelboer/phpRedisAdmin/releases/tag/v1.16.2", "tags": ["Release Notes", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.216267", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-597"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en phpRedisAdmin hasta 1.16.1. Ha sido clasificada como problem\u00e1tica. Esto afecta la funci\u00f3n authHttpDigest del archivo include/login.inc.php. La manipulaci\u00f3n del argumento response conduce al uso de un operador incorrecto en la comparaci\u00f3n de cadenas. La actualizaci\u00f3n a la versi\u00f3n 1.16.2 puede solucionar este problema. El nombre del parche es 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-216267."}], "lastModified": "2024-05-17T02:03:30.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpredisadmin_project:phpredisadmin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F16F80BC-5EB4-4E80-AE7E-2CFF9538912A", "versionEndExcluding": "1.16.2"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}