{"id":"CVE-2021-21311","details":"Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.","aliases":["GHSA-x5r2-hj5c-8jx6"],"modified":"2026-04-10T04:29:35.354485Z","published":"2021-02-11T21:15:13.820Z","related":["GHSA-x5r2-hj5c-8jx6"],"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21311"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html"},{"type":"ADVISORY","url":"https://packagist.org/packages/vrana/adminer"},{"type":"FIX","url":"https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6"},{"type":"FIX","url":"https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351"},{"type":"EVIDENCE","url":"https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vrana/adminer","events":[{"introduced":"184273750aa4b255e54b30296f580ebca89a2d39"},{"fixed":"93c7fb248ca008e3247eb3a43812e1096e7b262c"},{"fixed":"ccd2374b0b12bd547417bf0dacdf153826c83351"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"fixed":"4.7.9"}]}}],"versions":["v4.0.0","v4.0.1","v4.0.2","v4.0.3","v4.1.0","v4.2.0","v4.2.1","v4.2.2","v4.2.3","v4.2.4","v4.2.5","v4.3.0","v4.3.1","v4.4.0","v4.5.0","v4.6.0","v4.6.1","v4.6.2","v4.6.3","v4.7.0","v4.7.1","v4.7.2","v4.7.3","v4.7.4","v4.7.5","v4.7.7","v4.7.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21311.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}]}