CVE-2021-21311
SSRF in adminerAdminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
We have discovered 161 live websites that are affected by CVE-2021-21311.
Affected Software
| Product |  Adminer |
| Category | Database Managers |
| Vulnerable Domains | 161 live websites (34% of Adminer install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 12 versions ( 33% of all versions) |
Common Weakness Enumeration
CWE-918 Server-Side Request Forgery (SSRF)Details
- Published - Feb 11, 2021
- Updated - Oct 21, 2025
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2021-21311 United States | 24 websites |
 Czech Republic | 74 websites |
 Germany | 28 websites |
 Netherlands | 7 websites |
 Lithuania | 6 websites |
 Australia | 4 websites |
 India | 3 websites |
 Russia | 3 websites |
 Switzerland | 2 websites |
 China | 2 websites |
Website Distribution by TLD
Number of websites using CVE-2021-21311| .cz | 70 websites |
| .com | 24 websites |
| .eu | 7 websites |
| .nl | 6 websites |
| .ch | 5 websites |
| .de | 4 websites |
| .net | 4 websites |
| .ru | 3 websites |
| .org | 3 websites |
| .it | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2021-21311
Top websites that are affected by CVE-2021-21311. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****************.**.********.com | United States | *,***,*** | |
| *********.********.com | United States | *,***,*** | |
| ***********************.**.********.com | United States | *,***,*** | |
| ****.*********.cz | Czech Republic | *,***,*** | |
| *********.*******.pro | Germany | *,***,*** | |
| ***.*******.pro | Germany | *,***,*** | |
| ****.********.cz | Czech Republic | *,***,*** | |
| *****.********.ch | Germany | *,***,*** | |
| ****.*******.pro | Germany | *,***,*** | |
| *********.*******.pro | Germany | *,***,*** |
FAQ
CVE-2021-21311 is Server-Side Request Forgery (SSRF) in Adminer
A total of 161 websites have been identified as vulnerable to CVE-2021-21311, based on global website indexing conducted by WebTechSurvey.
The Adminer is affected by the CVE-2021-21311 vulnerability.
Adminer versions up to 4.7.9 are vulnerable to CVE-2021-21311.
CVE-2021-21311 is resolved in version 4.7.9 of Adminer.
References
- https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
- https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf
- https://packagist.org/packages/vrana/adminer
- https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351
- https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html