Showing 1 - 5 of 5

CVE-2018-12613

Status Candidate

Overview

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).

Related Files

phpMyAdmin 4.8.1 Remote Code Execution: Posted Oct 25, 2021; Authored by samguy; phpMyAdmin version 4.8.1 remote code execution exploit.; tags | exploit, remote, code execution; advisories | CVE-2018-12613; SHA-256 | c7fd500b6b33a3e044159ceaba0504a93de489c811db969c2903f7741e995f09; Download | Favorite | View

Gentoo Linux Security Advisory 201904-16: Posted Apr 15, 2019; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201904-16 - Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could result in the arbitrary execution of code. Versions less than 4.8.4 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2018-12613, CVE-2018-19968, CVE-2018-19969, CVE-2018-19970; SHA-256 | 5d7df917cdc3e3f4bf658fd761b678b2e710fc3eeaf045a1c7aff56a5653f3f9; Download | Favorite | View

phpMyAdmin 4.8.1 Authenticated Local File Inclusion: Posted Nov 27, 2018; Authored by Lucian Ioan Nitescu; phpMyAdmin version 4.8.1 authenticated local file inclusion proof of concept exploits.; tags | exploit, local, proof of concept, file inclusion; advisories | CVE-2018-12613; SHA-256 | 99adf4308fa706903d75dfc6e085c7ba2d9885c407bb3424f26d594818c0460a; Download | Favorite | View

phpMyAdmin Authenticated Remote Code Execution: Posted Jul 12, 2018; Authored by Jacob Robles, ChaMd5, Henry Huang | Site metasploit.com; phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.; tags | exploit, local, php, file inclusion; advisories | CVE-2018-12613; SHA-256 | dae18ef3348cf3077fd1fd7c0054e8bcb0185fb7e809a95ee03722cd6aacb0d5; Download | Favorite | View

phpMyAdmin 4.8.1 Code Execution / Local File Inclusion: Posted Jun 22, 2018; Authored by VulnSpy; phpMyAdmin version 4.8.1 suffers from a local file inclusion vulnerability that can lead to code execution.; tags | exploit, local, code execution, file inclusion; advisories | CVE-2018-12613; SHA-256 | 7050bd8ba32a957693bf8e975344bff3d03e5961028dc6d3ce1b55150c1c75bd; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 60 files
Debian 19 files
Gentoo 8 files
Apple 5 files
Google Security Research 4 files
Jann Horn 3 files
Spencer McIntyre 3 files
LiquidWorm 3 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2018-12613

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems