Debian Security Advisory
DLA-1311-1 adminer -- LTS security update
- Date Reported:
- 22 Mar 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-7667.
- More information:
It was discovered that there was a server-side request forgery exploit in adminer, a web-based database administration tool.
Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports which could bypass external firewalls to identify internal hosts or perform port scanning of other servers.
For Debian 7
Wheezy, this issue has been fixed in adminer version 3.3.3-1+deb7u1.
We recommend that you upgrade your adminer packages.