Lucene search
GoogleOSV:GHSA-43F8-P5W3-5M25HistoryFeb 11, 2021 - 9:20 p.m.
vrana/adminer vulnerable to SSRF by connecting to privileged ports
2021-02-1121:20:40
Google
osv.dev
69
adminer
ssrf
vulnerable
privileged ports
patches
workarounds
http password
ip address limiting
otp plugin
cve-2020-28654
EPSS
0.007
Percentile
80.0%
Impact
All users are affected.
Patches
- Unsuccessfully patched by 0fae40fb, included in version 4.4.0.
- Patched by 35bfaa75, included in version 4.7.8.
Workarounds
Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP plugin.
References
- http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
- https://sourceforge.net/p/adminer/bugs-and-features/769/
- https://gusralph.info/adminer-ssrf-bypass-cve-2018-7667/ (CVE-2020-28654)
For more information
If you have any questions or comments about this advisory:
- Comment at 35bfaa75.
Related
github
github
vrana/adminer vulnerable to SSRF by connecting to privileged ports
2021-02-11 21:20:40
cve
cve
CVE-2020-28654
2022-03-31 15:06:11
CVE-2018-7667
2018-03-05 07:29:00
openvas
openvas
Debian: Security Advisory (DLA-1311-1)
2018-03-26 00:00:00
Adminer <= 4.3.1 SSRF Vulnerability - Windows
2019-01-20 00:00:00
Adminer <= 4.3.1 SSRF Vulnerability - Linux
2019-01-20 00:00:00
debian
debian
[SECURITY] [DLA 1311-1] adminer security update
2018-03-22 15:11:37
prion
prion
Design/Logic Flaw
2018-03-05 07:29:00
osv
osv
CVE-2018-7667
2018-03-05 07:29:00
adminer - security update
2018-03-22 00:00:00
nessus
nessus
openSUSE Security Update : adminer (openSUSE-2018-253)
2018-03-15 00:00:00
Debian DLA-1311-1 : adminer security update
2018-03-23 00:00:00
veracode
veracode
Server-Side Request Forgery (SSRF)
2021-02-15 04:46:47
debiancve
debiancve
CVE-2018-7667
2018-03-05 07:29:00
nvd
nvd
CVE-2018-7667
2018-03-05 07:29:00
ubuntucve
ubuntucve
CVE-2018-7667
2018-03-05 00:00:00
cvelist
cvelist
CVE-2018-7667
2018-03-05 07:00:00