CVE-2021-21311
PUBLISHED
KEV
Adminer is an open-source database management tool in a single PHP file. In Adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
Risk Scores
- EPSS Score: 94.11% (99.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | adminer | 4.5.0-1, 4.3.1-2, 0 |
| Ubuntu:Pro:16.04:LTS | adminer | 4.2.1-1ubuntu1, 0, 4.2.1-1 |
| Ubuntu:Pro:20.04:LTS | adminer | 4.7.5-1, 4.7.6-1, 4.7.4-1 |
Exploit Intelligence
- omoknooni/CVE-2021-21311 (github-poc-repo)
…and 114 more exploits
Timeline
- Jan 20, 1970 VulnCheck XDB Entry
- Feb 11, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Mar 31, 2022 Nuclei Template
- Mar 31, 2022 Fix Commit
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- May 4, 2022 VulnCheck KEV Exploitation
References
- https://ubuntu.com/security/CVE-2021-21311 third-party-advisory
- https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 third-party-advisory
- https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 third-party-advisory
- https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf third-party-advisory
- https://packagist.org/packages/vrana/adminer third-party-advisory
- https://ubuntu.com/security/notices/USN-5271-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-21311 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory