Skip to content

vrana/adminer vulnerable to SSRF by connecting to privileged ports

Moderate severity GitHub Reviewed Published Feb 10, 2021 in vrana/adminer • Updated Sep 21, 2023

Package

composer vrana/adminer (Composer)

Affected versions

< 4.7.8

Patched versions

4.7.8

Description

Impact

All users are affected.

Patches

  • Unsuccessfully patched by 0fae40fb, included in version 4.4.0.
  • Patched by 35bfaa75, included in version 4.7.8.

Workarounds

Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP plugin.

References

For more information

If you have any questions or comments about this advisory:

  • Comment at 35bfaa75.

References

@vrana vrana published to vrana/adminer Feb 10, 2021
Reviewed Feb 11, 2021
Published to the GitHub Advisory Database Feb 11, 2021
Last updated Sep 21, 2023

Severity

Moderate

EPSS score

1.261%
(85th percentile)

Weaknesses

CVE ID

CVE-2018-7667

GHSA ID

GHSA-43f8-p5w3-5m25

Source code

No known source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.