Description
Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Users of Adminer versions bundling all drivers (e.g. adminer.php) are vulnerable to a Server Side Request Forgery (SSRF) vulnerability that affects the Elasticsearch login module.
Remediation
Upgrade to the latest version of adminer. This issue was fixed in version 4.7.9.
References
Related Vulnerabilities
Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33511)
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.12)
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Multiple Vulnerabilities (6.9.9)
SSRF via logo_uri in MITREid Connect
Seo Panel Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-22648)