Debian 9844 Published by

Updated adminer packages has been released for Debian GNU/Linux 7 LTS



Package : adminer
Version : 3.3.3-1+deb7u1
CVE ID : CVE-2018-7667
Debian Bug : #893668

It was discovered that there was a server-side request forgery exploit in
adminer, a web-based database administration tool.

Adminer allowed unauthenticated connections to be initiated to arbitrary
systems and ports which could bypass external firewalls to identify
internal hosts or perform port scanning of other servers.

For Debian 7 "Wheezy", this issue has been fixed in adminer version
3.3.3-1+deb7u1.

We recommend that you upgrade your adminer packages.