Skip to main content

Sorcery Blog

Tag: adminer

Adminer - A Guide For All its Vulnerabilities

Adminer is a popular PHP database management tool. This blog post will detail its vulnerabilities, how to exploit them and how to protect yourself from these risks. RCE using SQLite Versions 4.2.4 and before that support SQLite are vulnerable to this. The server must have the SQLite PHP driver installed for this to work. On Adminer you login with an empty username and database name. This will log you in to a temporary in-memory database.