CVE-2021-4259

MEDIUM 5.0

phpRedisAdmin login.inc.php authHttpDigest wrong operator in string comparison

CVSS Score

5.0

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267.

CWE	CWE-597
Vendor	n/a
Product	phpredisadmin
Published	Dec 19, 2022
Last Updated	Aug 3, 2024

Stay Ahead of the Next One

Get instant alerts for n/a phpredisadmin

Be the first to know when new medium vulnerabilities affecting n/a phpredisadmin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / phpRedisAdmin

1.16.0 1.16.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.216267 github.com: https://github.com/erikdubbelboer/phpRedisAdmin/commit/31aa7661e6db6f4dffbf9a635817832a0a11c7d9 github.com: https://github.com/erikdubbelboer/phpRedisAdmin/releases/tag/v1.16.2