CVE-2021-21311
SSRF in Adminer
In short
Adminer, a database management tool shipped as a single PHP file, contains a server-side request forgery (SSRF) vulnerability: an attacker can make the host running Adminer issue requests to internal or external systems on their behalf, which can expose sensitive data from, or give a foothold into, internal infrastructure.
Technical detail
Server-Side Request Forgery (SSRF) in Adminer versions 4.0.0 through 4.7.8 allows an unauthenticated attacker (the vector below carries PR:N) to supply a server address that Adminer then connects to from the host it runs on. Because the request originates inside the deployment's network, it can reach internal services, cloud metadata endpoints or arbitrary external resources that the attacker cannot reach directly; the scope-changed vector (S:C) reflects that the impact lands on those systems rather than on Adminer itself. Per the advisory, only distributions that bundle all database drivers (e.g. the single-file adminer.php) are affected; upgrading to 4.7.9 fixes the issue.
Summary generated and translated by AI from the official description.
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N (base score 7.2, High)
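The following Python example is added here to illustrate the bug class; it is not Adminer's code and not the change in the fix commit referenced below. It models the check an HTTP-speaking database driver needs when the server address comes from a login form (scheme, port, and every address the name resolves to), and the classic way such a check is defeated when the HTTP client follows redirects without re-validating each hop. The default port 9200, the privileged-port cut-off, the host names, the addresses and the HTTP responses are all constructed assumptions for the example.

```python
import ipaddress
import socket
from dataclasses import dataclass
from urllib.parse import urlsplit

PRIVILEGED_PORT_LIMIT = 1024  # assumption: a DB tool never needs ports below 1024 over HTTP
DEFAULT_PORT = 9200           # assumption: the guarded driver's default port
MAX_REDIRECTS = 5
REDIRECT_STATUSES = (301, 302, 303, 307, 308)


@dataclass
class Verdict:
    allowed: bool
    reason: str   # why it was refused, or the response body when allowed
    url: str = ""


def is_forbidden_ip(ip_text):
    """Addresses the server must never be made to contact: loopback, private,
    link-local (covers 169.254.169.254 cloud metadata), multicast, reserved,
    unspecified; IPv4-mapped IPv6 (::ffff:a.b.c.d) is unwrapped first."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_all(host):
    """Every A/AAAA record for host; the guard has to check all of them."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def validate_server(server, resolver=resolve_all):
    """Decide whether a user-supplied 'server' value may be fetched over HTTP."""
    parts = urlsplit(server if "://" in server else "http://" + server)
    if parts.scheme not in ("http", "https"):
        return Verdict(False, f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        return Verdict(False, "userinfo in server address not allowed")
    host = parts.hostname
    if not host:
        return Verdict(False, "no host")
    try:
        port = parts.port if parts.port is not None else DEFAULT_PORT
    except ValueError:
        return Verdict(False, "invalid port")
    if port < PRIVILEGED_PORT_LIMIT:
        return Verdict(False, f"port {port} is privileged")
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP: check as is
    except ValueError:
        addresses = resolver(host)                     # host name: check every record
    if not addresses:
        return Verdict(False, f"{host!r} does not resolve")
    for addr in addresses:
        if is_forbidden_ip(addr):
            return Verdict(False, f"{host!r} maps to forbidden address {addr}")
    return Verdict(True, "ok", f"{parts.scheme}://{host}:{port}{parts.path or '/'}")


def fetch(server, transport, resolver, follow_redirects, revalidate_hops):
    """Fetch through the guard; transport maps URL -> (status, headers, body) in place
    of a real HTTP client. follow_redirects=True with revalidate_hops=False is the
    vulnerable shape: only the first host is checked, so a 302 from an allowed host
    walks the request to an internal one."""
    verdict = validate_server(server, resolver)
    if not verdict.allowed:
        return verdict
    url = verdict.url
    for _ in range(MAX_REDIRECTS + 1):
        status, headers, body = transport.get(url, (404, {}, ""))
        if status in REDIRECT_STATUSES and "Location" in headers:
            target = headers["Location"]
            if not follow_redirects:
                return Verdict(False, f"redirect to {target} refused", url)
            if revalidate_hops:
                hop = validate_server(target, resolver)
                if not hop.allowed:
                    return Verdict(False, f"redirect rejected: {hop.reason}", url)
                target = hop.url
            url = target
            continue
        return Verdict(status == 200, body, url)
    return Verdict(False, "too many redirects", url)


# Constructed DNS and HTTP standing in for the network; nothing below is real.
# 1.2.3.4 / 5.6.7.8 play public hosts because ipaddress classes the RFC 5737
# documentation ranges (192.0.2.0/24 etc.) as private.
FAKE_DNS = {
    "es.example.test": ["1.2.3.4"],                 # attacker-controlled host
    "db.example.test": ["5.6.7.8"],                 # legitimate database
    "dual.example.test": ["5.6.7.8", "10.0.0.5"],   # public and internal records
}
FAKE_HTTP = {
    "http://db.example.test:9200/": (200, {}, '{"cluster_name": "demo"}'),
    "http://es.example.test:9200/": (302, {"Location": "http://169.254.169.254:80/latest/meta-data/"}, ""),
    "http://169.254.169.254:80/latest/meta-data/": (200, {}, "ami-id\ninstance-id\n"),
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


def demo():
    """The same attacker-supplied server under the vulnerable policy, with
    redirects disabled, and with every hop re-validated."""
    attacker = "es.example.test:9200"
    return (fetch(attacker, FAKE_HTTP, fake_resolve, True, False),
            fetch(attacker, FAKE_HTTP, fake_resolve, False, False),
            fetch(attacker, FAKE_HTTP, fake_resolve, True, True))
```

demo() returns three verdicts: the vulnerable policy ends up with the metadata response body in hand, the other two refuse. Two caveats a practitioner would add before reusing the guard: checking resolved addresses and then letting the HTTP client resolve the name again is a check-then-use pattern that DNS rebinding can beat, so connect to the address you validated (or validate in the client's connect hook); and for a tool that only ever talks to a database endpoint, refusing redirects outright is the simpler and safer policy.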
Affected products
vrana / adminer
Public PoCs found: 2
github.com/omoknooni/CVE-2021-21311 (★ 3)
github.com/Sudo-WP/sudowp-adminer (★ 1)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351
https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html
https://packagist.org/packages/vrana/adminer
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21311