ID CVE-2018-7667
Summary Adminer through 4.3.1 has SSRF via the server parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:adminer:adminer:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adminer:adminer:4.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:adminer:adminer:4.3.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 27-03-2018 - 13:32)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
misc http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
mlist [debian-lts-announce] 20180322 [SECURITY] [DLA 1311-1] adminer security update
Last major update 27-03-2018 - 13:32
Published 05-03-2018 - 07:29
Last modified 27-03-2018 - 13:32
Back to Top