CVE-2018-7667Server-Side Request Forgery in Adminer

CWE-918Server-Side Request Forgery5 documents4 sources
Severity
9.8CRITICALNVD
EPSS
16.9%
top 5.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
AdminerVrana AdminerDebian Adminer
Timeline
PublishedMar 5
Latest updateFeb 11

Description

Adminer through 4.3.1 has SSRF via the server parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

Packagistvrana/adminer< 4.7.8
debiandebian/adminer< adminer 4.5.0-1 (bookworm)
Debianadminer/adminer< 4.5.0-1+3
NVDadminer/adminer4.3.1

🔴Vulnerability Details

3
GHSA
vrana/adminer vulnerable to SSRF by connecting to privileged ports2021-02-11
OSV
vrana/adminer vulnerable to SSRF by connecting to privileged ports2021-02-11
OSV
CVE-2018-7667: Adminer through 42018-03-05

📋Vendor Advisories

1
Debian
CVE-2018-7667: adminer - Adminer through 4.3.1 has SSRF via the server parameter.2018