Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
References
Link | Resource |
---|---|
https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 | Patch Third Party Advisory |
https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf | Exploit Third Party Advisory |
https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html | Mailing List Third Party Advisory |
https://packagist.org/packages/vrana/adminer | Product Third Party Advisory |
Configurations
History
24 Jun 2021, 12:50
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://packagist.org/packages/vrana/adminer - Product, Third Party Advisory |
15 Mar 2021, 18:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html - Mailing List, Third Party Advisory |
02 Mar 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Feb 2021, 15:24
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 7.2 |
CPE | cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 - Patch, Third Party Advisory | |
References | (MISC) https://packagist.org/packages/vrana/adminer - Product | |
References | (MISC) https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf - Exploit, Third Party Advisory |
11 Feb 2021, 21:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-11 21:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-21311
Mitre link : CVE-2021-21311
CVE.ORG link : CVE-2021-21311
JSON object : View
Products Affected
adminer
- adminer
debian
- debian_linux
CWE
CWE-918
Server-Side Request Forgery (SSRF)