CVE-2021-4268

phpRedisAdmin cross-site request forgery

Description

A vulnerability, which was classified as problematic, was found in phpRedisAdmin up to 1.17.3. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.18.0 is able to address this issue. The name of the patch is b9039adbb264c81333328faa9575ecf8e0d2be94. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216471.

References

Link	Tags
https://github.com/erikdubbelboer/phpRedisAdmin/commit/b9039adbb264c81333328faa9575ecf8e0d2be94	third party advisory patch
https://github.com/erikdubbelboer/phpRedisAdmin/releases/tag/v1.18.0	third party advisory release notes
https://vuldb.com/?id.216471	permissions required vdb entry third party advisory

Frequently Asked Questions

What is the severity of CVE-2021-4268?: CVE-2021-4268 has been scored as a medium severity vulnerability.
How to fix CVE-2021-4268?: To fix CVE-2021-4268, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-4268 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-4268 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-4268?: CVE-2021-4268 affects unspecified phpRedisAdmin.

Description

Categories

CWE-863 – Incorrect Authorization

CWE-352 – Cross-Site Request Forgery (CSRF)

References

Frequently Asked Questions