CVE-2021-21311

Published: 11 February 2021

Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.

Priority

Medium

CVSS 3 base score: 7.2

Status

Package Release Status
adminer
Launchpad, Ubuntu, Debian
Upstream
Released (4.7.9-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(4.7.9-1)
Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist