Lucene search
GoogleOSV:GHSA-X5R2-HJ5C-8JX6HistoryFeb 11, 2021 - 8:42 p.m.
SSRF in adminer
2021-02-1120:42:59
Google
osv.dev
21
0.021 Low
EPSS
Percentile
89.2%
Impact
Users of Adminer versions bundling all drivers (e.g. adminer.php) are affected.
Patches
Patched by ccd2374b, included in version 4.7.9.
Workarounds
- Use a single driver version (e.g.
adminer-mysql.php). - Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP plugin.
References
https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
For more information
If you have any questions or comments about this advisory:
- Comment at ccd2374b.
References
github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351
github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
lists.debian.org/debian-lts-announce/2021/03/msg00002.html
nvd.nist.gov/vuln/detail/CVE-2021-21311
packagist.org/packages/vrana/adminer
sourceforge.net/p/adminer/news/2021/02/adminer-479-released
Related
veracode
veracode
Server-side Request Forgery (SSRF)
2021-02-12 11:01:35
Server-Side Request Forgery (SSRF)
2021-02-15 09:04:57
Server-Side Request Forgery (SSRF)
2021-02-15 04:54:38
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Adminer
2023-06-12 13:32:52
nessus
nessus
Debian DLA-2580-1 : adminer security update
2021-03-03 00:00:00
nuclei
nuclei
Adminer <4.7.9 - Server-Side Request Forgery
2022-03-31 19:40:06
github
github
SSRF in adminer
2021-02-11 20:42:59
openvas
openvas
Debian: Security Advisory (DLA-2580-1)
2021-03-03 00:00:00
Adminer 4.7.0 < 4.7.9 Multiple Vulnerabilities - Linux
2021-02-12 00:00:00
Adminer 4.7.0 < 4.7.9 Multiple Vulnerabilities - Windows
2021-02-12 00:00:00
debian
debian
[SECURITY] [DLA 2580-1] adminer security update
2021-03-02 19:41:17
cvelist
cvelist
CVE-2021-21311 SSRF in adminer
2021-02-11 20:55:15
osv
osv
adminer - security update
2021-03-03 00:00:00
CVE-2021-21311
2021-02-11 21:15:13
adminer vulnerabilities
2022-06-03 13:18:00
nvd
nvd
CVE-2021-21311
2021-02-11 21:15:13
ubuntucve
ubuntucve
CVE-2021-21311
2021-02-11 00:00:00
prion
prion
Server side request forgery (ssrf)
2021-02-11 21:15:00
cve
cve
CVE-2021-21311
2021-02-11 21:15:13
debiancve
debiancve
CVE-2021-21311
2021-02-11 21:15:13
ubuntu
ubuntu
Adminer vulnerabilities
2022-06-03 00:00:00