CVE-2018-7667
CRITICAL9.8EPSS 16.9%vrana/adminer vulnerable to SSRF by connecting to privileged ports
Published: 2/11/2021Modified: 4/28/2026
Description
Adminer through 4.3.1 has SSRF via the server parameter.
Affected packages (3)
- Debian/adminerfrom 0, < 4.5.0-1
- Debian/adminerfrom 0, < 3.3.3-1+deb7u1
- Packagist/vrana/adminerfrom 0, < 4.7.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (6)
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-7667
- WEBhttp://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
- WEBhttps://github.com/vrana/adminer/commit/35bfaa75
- WEBhttps://github.com/vrana/adminer/security/advisories/GHSA-43f8-p5w3-5m25
- WEBhttps://gusralph.info/adminer-ssrf-bypass-cve-2018-7667
- WEBhttps://sourceforge.net/p/adminer/bugs-and-features/769