Description

Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Users of Adminer versions bundling all drivers (e.g. adminer.php) are vulnerable to a Server Side Request Forgery (SSRF) vulnerability that affects the Elasticsearch login module.

Remediation

Upgrade to the latest version of adminer. This issue was fixed in version 4.7.9.

References

SSRF in adminer

Related Vulnerabilities

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Multiple Vulnerabilities (5.5.4)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.10)

Jira Unauthorized SSRF via REST API

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Server-Side Request Forgery (1.0.95)

WordPress Plugin WP Smart Import: Import any XML File to WordPress Server-Side Request Forgery (1.0.0)

Severity

Medium

Classification

CVE-2021-21311 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

SSRF