PT-2021-14409 · Adminer +2

Bpsizemore +1 · Published 2021-02-11 · Updated 2025-09-29 · CVE-2021-21311

CVSS v3.1: 7.2
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Adminer versions 4.0.0 through 4.7.9
Description: Adminer is an open-source database management tool in a single PHP file. There is a server-side request forgery vulnerability in Adminer versions bundling all drivers, such as adminer.php. This issue is fixed in version 4.7.9. Users of affected Adminer versions are at risk.
Recommendations: For versions 4.0.0 through 4.7.9, update to version 4.7.9 to resolve the issue. As a temporary workaround, consider using a single-driver version, such as adminer-mysql.php, to minimize the risk of exploitation. Restrict access to Adminer by other means, such as an HTTP password, IP address limiting, or the OTP plugin, until the issue is resolved.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2021-21311
DLA-2580-1
GHSA-X5R2-HJ5C-8JX6
USN-5271-1

Affected Products

Adminer
Linuxmint
Ubuntu