{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T09:18:47.508","vulnerabilities":[{"cve":{"id":"CVE-2026-25892","sourceIdentifier":"security-advisories@github.com","published":"2026-02-09T22:16:04.023","lastModified":"2026-02-20T20:24:32.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST a version[] parameter, which PHP converts to an array. On the next page load, openssl_verify() receives this array instead of a string and throws a TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2."},{"lang":"es","value":"Adminer es un software de gestión de bases de datos de código abierto. Adminer v5.4.1 y anteriores tiene un mecanismo de verificación de versión donde adminer.org envía información de versión firmada a través de JavaScript postMessage, que el navegador luego envía por POST a ?script=version. Este endpoint carece de validación de origen y acepta datos POST de cualquier fuente. Un atacante puede enviar por POST el parámetro version[] que PHP convierte en un array. En la siguiente carga de página, openssl_verify() recibe este array en lugar de una cadena y lanza TypeError, devolviendo HTTP 500 a todos los usuarios. \nActualice a Adminer 5.4.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.2","versionEndExcluding":"5.4.2","matchCriteriaId":"0A0A483B-178F-44CC-9EB7-C469C1F8C106"}]}]}],"references":[{"url":"https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vrana/adminer/releases/tag/v5.4.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}