CVE-2021-21311

Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. adminer.php) are affected. This is fixed in version 4.7.9.

Published: Feb 11, 2021
Updated: May 9, 2024
CVE: CVE-2021-21311
GHSA: GHSA-x5r2-hj5c-8jx6
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
adminer / adminer	4.0.0	4.7.9
debian / debian_linux	9.0	9.0.x
vrana / adminer	-	4.7.9

https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351
https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html
https://packagist.org/packages/vrana/adminer
https://sourceforge.net/p/adminer/news/2021/02/adminer-479-released/

Vulnerability Database

CVE-2021-21311