Description

Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Users of Adminer versions bundling all drivers (e.g. adminer.php) are vulnerable to a Server Side Request Forgery (SSRF) vulnerability that affects the Elasticsearch login module.

Remediation

Upgrade to the latest version of adminer. This issue was fixed in version 4.7.9.

References

SSRF in adminer

Related Vulnerabilities

WordPress Plugin Under Construction, Coming Soon & Maintenance Mode Multiple Vulnerabilities (1.1.1)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.10)

Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.20)

WordPress Plugin wpForo Forum Multiple Vulnerabilities (2.1.7)

Severity

Medium

Classification

CVE-2021-21311 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

SSRF