Server-side request forgery in Adminer

#VU11277 Server-side request forgery in Adminer

Published: 2018-03-26 | Updated: 2018-04-12

Vulnerability identifier: #VU11277

Vulnerability risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7667

CWE-ID: CWE-918

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Adminer
Web applications / Remote management & hosting panels

Vendor: Jakub Vrána

Description
The vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to improper filtration of user-supplied data passed via "server" HTTP GET parameter. A remote unauthenticated attacker can send requests to internal server resources and scan ports on the local server.

Mitigation
Update to version 4.4.0.

Vulnerable software versions

Adminer: 3.0.0 - 4.3.1

External links
http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Adminer extension for TYPO3

SSRF-attack in Adminer