Impact
Users of Adminer versions bundling all drivers (e.g. adminer.php
) are affected.
Patches
Patched by ccd2374, included in version 4.7.9.
Workarounds
- Use a single driver version (e.g.
adminer-mysql.php
).
- Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP plugin.
References
https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
For more information
If you have any questions or comments about this advisory:
Impact
Users of Adminer versions bundling all drivers (e.g.
adminer.php
) are affected.Patches
Patched by ccd2374, included in version 4.7.9.
Workarounds
adminer-mysql.php
).References
https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
For more information
If you have any questions or comments about this advisory: