Adminer Denial-of-Service Vulnerability via Unvalidated POST Data in Version Check Endpoint

Vulnerability

A denial-of-service vulnerability has been identified in Adminer versions through 5.4.1. The issue arises in the '?script=version' endpoint, which accepts POST data without origin validation. This allows an attacker to send a 'version[]' parameter, creating an array that, when processed, leads to a TypeError and an HTTP 500 response. The flaw lies in the version check mechanism, which relies on unsigned data from 'adminer.org'.

Impact

Exploitation of this vulnerability causes a persistent denial-of-service, where the application returns an HTTP 500 response due to a TypeError in the version handling process.

Reproduction

To reproduce this vulnerability, upload Adminer version 5.4.1 to a server. Then, send a POST request to 'adminer.php?script=version' with the 'version[]' parameter. This will inject an array into the version check mechanism. When the Adminer page is reloaded, the application will attempt to verify the injected data as a string, resulting in a TypeError and an HTTP 500 error.

Remediation

Users can upgrade to Adminer version 5.4.2, which addresses this vulnerability. If an upgrade is not possible, the 'adminer.version' file in the temporary directory can be made unwritable by the web server to prevent the denial-of-service.
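
To check whether a server has already been affected, web-server access logs can be searched for the sequence described under Reproduction: a POST to '?script=version' followed by HTTP 500 responses from the same script. The Python below is an added example, not part of the advisory or of Adminer; the combined log format, the 30-minute correlation window and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Feb/2026:21:58:01 +0000] "GET /adminer.php HTTP/1.1" 200 5120
203.0.113.9 - - [09/Feb/2026:22:01:10 +0000] "POST /adminer.php?script=version HTTP/1.1" 200 0
198.51.100.7 - - [09/Feb/2026:22:01:40 +0000] "GET /adminer.php HTTP/1.1" 500 0
198.51.100.7 - - [09/Feb/2026:22:02:05 +0000] "GET /adminer.php?username=app HTTP/1.1" 500 0
198.51.100.7 - - [09/Feb/2026:22:02:30 +0000] "GET /index.php HTTP/1.1" 500 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def find_version_dos(log_text, window=timedelta(minutes=30)):
    """Report each POST to ?script=version that is followed, within
    `window`, by HTTP 500 responses on the same script path."""
    pending = {}   # script path -> record of the most recent version POST
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        url = urlsplit(m["target"])
        if m["method"] == "POST" and parse_qs(url.query).get("script") == ["version"]:
            pending[url.path] = {"path": url.path, "post_ip": m["ip"],
                                 "post_time": ts, "errors_500": 0}
        elif m["status"] == "500" and url.path in pending:
            hit = pending[url.path]
            if ts - hit["post_time"] <= window:
                if hit["errors_500"] == 0:
                    findings.append(hit)  # first 500 after the POST
                hit["errors_500"] += 1
    return findings

if __name__ == "__main__":
    for f in find_version_dos(SAMPLE_LOG):
        print(f"{f['path']}: version POST from {f['post_ip']} at "
              f"{f['post_time']:%H:%M:%S}, then {f['errors_500']} HTTP 500 responses")
```

The body of the POST (the 'version[]' parameter) is not recorded in a standard access log, so the script reports the correlation between the POST and the later 500s rather than the parameter itself.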

Added: Feb 9, 2026, 10:37 PM
Updated: Feb 9, 2026, 10:37 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 7.7
remediation: 7.9
relevance: 2.9
threat: 6.5
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.