CVE-2018-12613

CVE Database · CVE-2018-12613

CVE-2018-12613

· HIGHModified

CVSS v3.1

8.8

EPSS

98.39%

Published

Jun 21, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (6)

All weaponized →

Exploit-DBphpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)Exploit-DBphpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)Exploit-DBphpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)Exploit-DBphpMyAdmin 4.8.1 - Remote Code Execution (RCE)NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-287

Affected Products (1)

phpmyadmin · phpmyadmin (up to 4.8.2)vulnerable

References (14)

http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/104532

Third Party AdvisoryVDB Entry

https://security.gentoo.org/glsa/201904-16

Third Party Advisory

https://www.exploit-db.com/exploits/44924/

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/44928/

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs