what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2018-12613

Status Candidate

Overview

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).

Related Files

phpMyAdmin 4.8.1 Remote Code Execution
Posted Oct 25, 2021
Authored by samguy

phpMyAdmin version 4.8.1 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2018-12613
SHA-256 | c7fd500b6b33a3e044159ceaba0504a93de489c811db969c2903f7741e995f09
Gentoo Linux Security Advisory 201904-16
Posted Apr 15, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-16 - Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could result in the arbitrary execution of code. Versions less than 4.8.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-12613, CVE-2018-19968, CVE-2018-19969, CVE-2018-19970
SHA-256 | 5d7df917cdc3e3f4bf658fd761b678b2e710fc3eeaf045a1c7aff56a5653f3f9
phpMyAdmin 4.8.1 Authenticated Local File Inclusion
Posted Nov 27, 2018
Authored by Lucian Ioan Nitescu

phpMyAdmin version 4.8.1 authenticated local file inclusion proof of concept exploits.

tags | exploit, local, proof of concept, file inclusion
advisories | CVE-2018-12613
SHA-256 | 99adf4308fa706903d75dfc6e085c7ba2d9885c407bb3424f26d594818c0460a
phpMyAdmin Authenticated Remote Code Execution
Posted Jul 12, 2018
Authored by Jacob Robles, ChaMd5, Henry Huang | Site metasploit.com

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.

tags | exploit, local, php, file inclusion
advisories | CVE-2018-12613
SHA-256 | dae18ef3348cf3077fd1fd7c0054e8bcb0185fb7e809a95ee03722cd6aacb0d5
phpMyAdmin 4.8.1 Code Execution / Local File Inclusion
Posted Jun 22, 2018
Authored by VulnSpy

phpMyAdmin version 4.8.1 suffers from a local file inclusion vulnerability that can lead to code execution.

tags | exploit, local, code execution, file inclusion
advisories | CVE-2018-12613
SHA-256 | 7050bd8ba32a957693bf8e975344bff3d03e5961028dc6d3ce1b55150c1c75bd
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close