CVE-2021-21311

HIGH KEV NUCLEI

Adminer < 4.7.9 - SSRF

Title source: rule

Description

Adminer is an open-source database management tool in a single PHP file. Adminer versions from 4.0.0 up to, but not including, 4.7.9 contain a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.

Exploits (4)

nomisec WORKING POC 3 stars
by omoknooni · poc
https://github.com/omoknooni/CVE-2021-21311
nomisec WRITEUP
by Sudo-WP · poc
https://github.com/Sudo-WP/sudowp-adminer
vulncheck_xdb WORKING POC
remote
https://github.com/llhala/CVE-2021-21311
inthewild WORKING POC
poc
https://github.com/llhala/cve-2021-21311

Nuclei Templates (1)

Adminer <4.7.9 - Server-Side Request Forgery
HIGH · by Adam Crosser, pwnhxl
Shodan: title:"Login - Adminer" || cpe:"cpe:2.3:a:adminer:adminer" || http.title:"login - adminer"
FOFA: app="Adminer" && body="4.7.8" || title="login - adminer" || app="adminer" && body="4.7.8"

Scores

CVSS v3 7.2
EPSS 0.9418
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Details

CISA KEV 2025-09-29
VulnCheck KEV 2022-05-04
ENISA EUVD EUVD-2021-0576
CWE CWE-918
Status published
Products (3)
adminer/adminer 4.0.0 - 4.7.9
debian/debian_linux 9.0
vrana/adminer 0 - 4.7.9 (Packagist)
Published Feb 11, 2021
KEV Added Sep 29, 2025
Tracked Since Feb 18, 2026