PT-2021-3225 · Postgresql+7 · Pgsql+7

Harold Kim

·

Published

2021-05-19

·

Updated

2022-06-03

·

CVE-2021-29625

CVSS v2.0

7.6

High

Vector AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Adminer versions 4.6.1 through 4.8.0
Description: A cross-site scripting issue in Adminer affects users of the MySQL, MariaDB, PgSQL, and SQLite drivers. The issue is mostly prevented by a strict Content Security Policy (CSP) in modern browsers, except when Adminer uses a PDO extension to communicate with the database (the PDO path is not used when the corresponding native extension is loaded). The vulnerability can be exploited in browsers that do not enforce CSP.
Recommendations: For versions 4.6.1 through 4.8.0, update to version 4.8.1, which resolves the issue. As temporary workarounds, use a browser that enforces strict CSP; enable the native PHP extensions (e.g., mysqli, pgsql, sqlite3) so that Adminer does not fall back to the PDO driver; and disable display of PHP errors (display_errors=Off) as an additional precaution.
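The script below is an added example written for this entry, not code from Adminer or from the advisory. It checks the three workaround points on the host that serves Adminer: for each database family listed, whether the native extension is loaded or only the PDO one (the pairs mysqli/pdo_mysql, pgsql/pdo_pgsql, sqlite3/pdo_sqlite are the standard PHP extension names); whether display_errors is enabled; and whether the installed adminer.php is older than 4.8.1. The file path `adminer.php` and the presence of an `@version` tag in that file's header comment are assumptions.

```php
<?php
// Added example for this advisory entry; not code from Adminer or the advisory.
// Run it with the same PHP binary and SAPI that serves Adminer, because the CLI
// and web SAPIs can load different extensions and ini settings.

// Native extension vs. PDO fallback for the database families the advisory
// lists. Names are the standard PHP extension names; the rule "native is used
// when loaded, PDO only otherwise" is the one the advisory states.
const DRIVER_EXTENSIONS = [
    'MySQL/MariaDB' => ['native' => 'mysqli',  'pdo' => 'pdo_mysql'],
    'PgSQL'         => ['native' => 'pgsql',   'pdo' => 'pdo_pgsql'],
    'SQLite'        => ['native' => 'sqlite3', 'pdo' => 'pdo_sqlite'],
];

// Assumption: the single-file Adminer sits next to this script.
const ADMINER_FILE  = __DIR__ . '/adminer.php';
const FIXED_VERSION = '4.8.1';

function checkDrivers(): array
{
    $lines = [];
    foreach (DRIVER_EXTENSIONS as $family => $ext) {
        if (extension_loaded($ext['native'])) {
            $lines[] = sprintf('[ok]   %s: native %s loaded, PDO path not used', $family, $ext['native']);
        } elseif (extension_loaded($ext['pdo'])) {
            $lines[] = sprintf('[WARN] %s: only %s loaded; Adminer falls back to PDO, the path the advisory flags. Enable %s.',
                $family, $ext['pdo'], $ext['native']);
        } else {
            $lines[] = sprintf('[info] %s: neither %s nor %s loaded; this driver is unavailable',
                $family, $ext['native'], $ext['pdo']);
        }
    }
    return $lines;
}

function checkDisplayErrors(): string
{
    $raw = (string) ini_get('display_errors');
    // PHP treats "1", "On", "true", "stdout" and "stderr" as enabled; only the
    // values below mean off, so anything else is reported as a finding.
    $off = in_array(strtolower($raw), ['', '0', 'off', 'false', 'no'], true);
    return $off
        ? '[ok]   display_errors is off'
        : sprintf('[WARN] display_errors is enabled (%s); set display_errors=Off for the Adminer vhost', $raw);
}

function checkAdminerVersion(string $file): string
{
    if (!is_readable($file)) {
        return sprintf('[info] %s not found; version not checked', $file);
    }
    // Assumption: the compiled adminer.php carries "@version X.Y.Z" in its
    // header comment, so only the first few KB need to be read.
    $head = (string) file_get_contents($file, false, null, 0, 4096);
    if (!preg_match('/@version\s+(\d+\.\d+\.\d+)/', $head, $m)) {
        return '[info] could not read an @version tag from ' . $file;
    }
    return version_compare($m[1], FIXED_VERSION, '<')
        ? sprintf('[WARN] Adminer %s is older than %s (advisory lists 4.6.1 through 4.8.0 as affected); update',
            $m[1], FIXED_VERSION)
        : sprintf('[ok]   Adminer %s is at or past the fixed version', $m[1]);
}

foreach (array_merge(checkDrivers(), [checkDisplayErrors(), checkAdminerVersion(ADMINER_FILE)]) as $line) {
    echo $line, PHP_EOL;
}
```

A `[WARN]` on a driver line means requests for that database family would go through the PDO code path the advisory singles out; loading the native extension for that family removes the fallback without any change to Adminer itself.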

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2021-02925
CVE-2021-29625
GHSA-2V82-5746-VWQC
USN-5271-1

Affected Products

Adminer
Linuxmint
Mariadb
Mysql Server
Php
Pgsql
Sqlite
Ubuntu