Description

Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Users of Adminer versions bundling all drivers (e.g. adminer.php) are vulnerable to a Server Side Request Forgery (SSRF) vulnerability that affects the Elasticsearch login module.

Remediation

Upgrade to the latest version of adminer. This issue was fixed in version 4.7.9.

References

SSRF in adminer

Related Vulnerabilities

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.24)

WordPress Plugin RSVPMaker Server-Side Request Forgery (8.7.2)

VMware vRealize Operations Server Side Request Forgery (SSRF) vulnerability

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.6)

WordPress Plugin POST SMTP Mailer-Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress Server-Side Request Forgery (2.1.6)

Severity

Medium

Classification

CVE-2021-21311 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

SSRF