CVE Vulnerability

CVE-2021-21311

Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://packagist.org/packages/vrana/adminer Product Third Party Advisory
https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 Patch Third Party Advisory
https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf Exploit Third Party Advisory
https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Information

Published : 2021-02-11 09:15

Updated : 2021-06-24 12:50

NVD link : CVE-2021-21311

Mitre link : CVE-2021-21311

Products Affected
No products.
CWE
CWE-918

Server-Side Request Forgery (SSRF)