SSRF-attack in Adminer
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-7667 |
| CWE-ID | CWE-918 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Adminer Web applications / Remote management & hosting panels |
| Vendor | Jakub Vrána |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Server-side request forgery
EUVDB-ID: #VU11277
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2018-7667
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to improper filtration of user-supplied data passed via "server" HTTP GET parameter. A remote unauthenticated attacker can send requests to internal server resources and scan ports on the local server.
Update to version 4.4.0.
Adminer: 3.0.0 rc1 - 4.3.1
CPE2.3- cpe:2.3:a:jakub_vrána:adminer:3.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:jakub_vrána:adminer:3.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:jakub_vrána:adminer:3.0.0:rc3:*:*:*:*:*:*
https://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
