Description
Adminer is a tool for managing content in MySQL databases. Adminer is distributed under Apache license in a form of a single PHP file.
Adminer versions up to (and including) 4.6.2 supported the use of the SQL statement LOAD DATA INFILE. It was possible to use this SQL statement to read arbitrary local files because of a protocol flaw in MySQL.
Remediation
Upgrade to the latest version of Adminer. This vulnerability was fixed in Adminer version 4.6.3.
References
Related Vulnerabilities
WordPress Plugin Widgets for WooCommerce Products on Elementor Security Bypass (1.0.5)
WordPress Plugin bbPress SQL Injection (2.5.14)
WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (5.0.05)
WordPress Plugin Customer Reviews for WooCommerce Local File Inclusion (5.15.0)
WordPress Plugin underConstruction Cross-Site Scripting (1.18)