Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
References
Link | Resource |
---|---|
https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 | Patch Third Party Advisory |
https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf | Exploit Third Party Advisory |
https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html | Mailing List Third Party Advisory |
https://packagist.org/packages/vrana/adminer | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-02-11T20:55:15
Updated: 2021-03-02T21:06:28
Reserved: 2020-12-22T00:00:00
Link: CVE-2021-21311
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-11T21:15:13.820
Modified: 2021-06-24T12:50:46.897
Link: CVE-2021-21311
JSON object: View
Redhat Information
No data.
CWE