Candidate: CVE-2018-7667
PublicDate: 2018-03-05 07:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7667
 http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
Description:
 Adminer through 4.3.1 has SSRF via the server parameter.
Ubuntu-Description:
Notes:
 ratliff> fake-sync from Debian for Trusty included only one of the two patches
 ratliff> the rate limiting patch was not included, so I'm leaving this CVE open
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_adminer:
 upstream: https://github.com/vrana/adminer/commit/0fae40fb611b5c8167fa2b8d40bf576a8935a380
 upstream: https://github.com/vrana/adminer/commit/0e5df34ea87ad34c1bc0ceac162eb86175d611a3
upstream_adminer: released (4.5.0-1)
precise/esm_adminer: DNE
trusty_adminer: released (3.3.3-1+deb7u1build0.14.04.1)
trusty/esm_adminer: DNE (trusty was released)
xenial_adminer: ignored (end of standard support, was needed)
artful_adminer: ignored (reached end-of-life)
bionic_adminer: not-affected (4.5.0-1)
cosmic_adminer: ignored (reached end-of-life)
disco_adminer: not-affected (4.5.0-1)
eoan_adminer: not-affected (4.5.0-1)
focal_adminer: not-affected (4.5.0-1)
groovy_adminer: not-affected (4.5.0-1)
hirsute_adminer: not-affected (4.5.0-1)
impish_adminer: not-affected (4.5.0-1)
jammy_adminer: not-affected (4.5.0-1)
devel_adminer: not-affected (4.5.0-1)