Adminer and AdminerEvo are vulnerable to SSRF via...
Unreviewed
Published
Jun 25, 2024
to the GitHub Advisory Database
•
Updated Jun 25, 2024
Description
Published by the National Vulnerability Database
Jun 24, 2024
Published to the GitHub Advisory Database
Jun 25, 2024
Last updated
Jun 25, 2024
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
References