CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 80.0%

Adminer is prone to a server-side request forgery (SSRF) vulnerability.
# SPDX-FileCopyrightText: 2019 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:adminer:adminer";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.108533");
  script_version("2024-06-28T15:38:46+0000");
  script_tag(name:"last_modification", value:"2024-06-28 15:38:46 +0000 (Fri, 28 Jun 2024)");
  script_tag(name:"creation_date", value:"2019-01-20 14:05:39 +0100 (Sun, 20 Jan 2019)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-03-27 13:32:00 +0000 (Tue, 27 Mar 2018)");

  script_cve_id("CVE-2018-7667");

  script_name("Adminer <= 4.3.1 SSRF Vulnerability - Windows");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2019 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_adminer_detect.nasl", "os_detection.nasl");
  script_mandatory_keys("adminer/detected", "Host/runs_windows");

  script_xref(name:"URL", value:"https://github.com/vrana/adminer/releases/tag/v4.4.0");
  script_xref(name:"URL", value:"http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt");
  script_xref(name:"URL", value:"https://seclists.org/fulldisclosure/2018/Jan/64");
  script_xref(name:"URL", value:"https://www.exploit-db.com/exploits/43593");

  script_tag(name:"summary", value:"Adminer is prone to a server-side request forgery (SSRF)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Adminer allows unauthenticated connections to be initiated to arbitrary systems/ports.");

  script_tag(name:"impact", value:"This vulnerability can be used to potentially bypass firewalls to
  identify internal hosts and perform port scanning of other servers for reconnaissance purposes.");

  script_tag(name:"affected", value:"Adminer version 4.3.1 and prior.");

  script_tag(name:"solution", value:"Update to version 4.4.0 or later which disables the possibility to connect
  to privileged ports. Please note that this is only partially mitigating this vulnerability and port scanning
  is still possible against ports in the range of > 1024.");

  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"Mitigation");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! info = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
  exit( 0 );

vers = info["version"];

if( version_is_less( version:vers, test_version:"4.4.0" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"4.4.0", install_path:info["location"] );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );
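
The solution text above notes that refusing privileged ports only partially mitigates the issue. The following Python example is added here and is not Greenbone's or Adminer's code: it contrasts a port-floor rule modelled on that description with an explicit destination allowlist. The hostnames, addresses, default port and function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample values: the database endpoints this deployment may reach.
ALLOWED_DESTINATIONS = {("db1.internal.example", 3306), ("10.0.5.20", 5432)}
DEFAULT_PORT = 3306  # assumption: MySQL default when the port is omitted
# Constructed destinations as a login form's server field might carry them.
SAMPLE = ["db1.internal.example:3306", "10.0.5.20:5432", "10.0.5.21:22",
          "10.0.5.21:8080", "[::1]:6379", "10.0.5.20:notaport"]

def parse_destination(server):
    """Split 'host', 'host:port' or '[ipv6]:port' into (host, port)."""
    server = server.strip()
    if server.startswith("["):
        host, closed, rest = server[1:].partition("]")
        if not closed or (rest and not rest.startswith(":")):
            raise ValueError("malformed IPv6 literal")
        port_text = rest[1:]
    elif server.count(":") == 1:
        host, _, port_text = server.partition(":")
    else:  # bare hostname, IPv4 or unbracketed IPv6 literal
        host, port_text = server, ""
    if port_text and not (port_text.isascii() and port_text.isdigit()):
        raise ValueError("port is not numeric")
    port = int(port_text) if port_text else DEFAULT_PORT
    if not host or not 0 < port < 65536:
        raise ValueError("empty host or port out of range")
    try:  # normalise IP literals so equivalent spellings compare equal
        host = str(ipaddress.ip_address(host))
    except ValueError:
        host = host.lower()
    return host, port

def port_floor_policy(server):
    """Model of the partial mitigation: only privileged ports are refused."""
    return parse_destination(server)[1] >= 1024

def allowlist_policy(server):
    """Stricter control: only approved (host, port) pairs are permitted."""
    return parse_destination(server) in ALLOWED_DESTINATIONS

def compare(servers):
    """Return (server, allowed_by_port_floor, allowed_by_allowlist) rows."""
    rows = []
    for server in servers:
        try:
            rows.append((server, port_floor_policy(server), allowlist_policy(server)))
        except ValueError:  # malformed destinations are refused by both
            rows.append((server, False, False))
    return rows
```

Rows where the port-floor column is true and the allowlist column is false are the destinations the partial mitigation still lets through.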