Lucene search
PRIOn knowledge basePRION:CVE-2018-12613HistoryJun 21, 2018 - 8:29 p.m.
Authentication flaw
2018-06-2120:29:00
PRIOn knowledge base
www.prio-n.com
11
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the “$cfg[‘AllowArbitraryServer’] = true” case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the “$cfg[‘ServerDefault’] = 0” case (which bypasses the login requirement and runs the vulnerable code without any authentication).
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpmyadmin | ge | 4.8.0 | |
| phpmyadmin | lt | 4.8.2 |
Related
openvas
openvas
phpMyAdmin File Inclusion Vulnerability (PMASA-2018-4) - Windows
2018-06-26 00:00:00
phpMyAdmin File Inclusion Vulnerability (PMASA-2018-4) - Linux
2018-06-26 00:00:00
openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2018:1806-1)
2018-06-24 00:00:00
exploitpack
exploitpack
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
2018-06-22 00:00:00
ubuntucve
ubuntucve
CVE-2018-12613
2018-06-21 00:00:00
attackerkb
attackerkb
CVE-2018-12613
2018-06-21 00:00:00
veracode
veracode
Remote Code Execution (RCE) Through File Inclusion
2018-06-22 03:26:00
phpmyadmin
phpmyadmin
File inclusion and remote code execution attack
2018-06-19 00:00:00
packetstorm
packetstorm
phpMyAdmin Authenticated Remote Code Execution
2018-07-12 00:00:00
phpMyAdmin 4.8.1 Code Execution / Local File Inclusion
2018-06-22 00:00:00
phpMyAdmin 4.8.1 Remote Code Execution
2021-10-25 00:00:00
nuclei
nuclei
PhpMyAdmin <4.8.2 - Local File Inclusion
2021-02-20 11:58:59
cvelist
cvelist
CVE-2018-12613
2018-06-21 20:00:00
osv
osv
CVE-2018-12613
2018-06-21 20:29:00
phpMyAdmin Improper Authentication
2022-05-13 01:05:22
nvd
nvd
CVE-2018-12613
2018-06-21 20:29:00
zdt
zdt
phpMyAdmin Authenticated Remote Code Execution Exploit
2018-07-13 00:00:00
phpMyAdmin 4.8.1 Authenticated Local File Inclusion Vulnerability
2018-11-27 00:00:00
phpMyAdmin 4.8.1 Code Execution / Local File Inclusion Vulnerabilities
2018-06-22 00:00:00
checkpoint_advisories
checkpoint_advisories
phpMyAdmin index.php Local File Inclusion (CVE-2018-12613)
2018-10-02 00:00:00
alpinelinux
alpinelinux
CVE-2018-12613
2018-06-21 20:29:00
github
github
phpMyAdmin Improper Authentication
2022-05-13 01:05:22
nessus
nessus
phpMyAdmin 4.8.x < 4.8.2 Vulnerability (PMASA-2018-4)
2018-06-27 00:00:00
FreeBSD : phpmyadmin -- remote code inclusion and XSS scripting (17cb6ff3-7670-11e8-8854-6805ca0b3d42)
2018-06-25 00:00:00
openSUSE Security Update : phpMyAdmin (openSUSE-2018-669)
2018-06-25 00:00:00
debiancve
debiancve
CVE-2018-12613
2018-06-21 20:29:00
cve
cve
CVE-2018-12613
2018-06-21 20:29:00
dsquare
dsquare
phpMyAdmin 4.8.1 RCE
2018-07-07 00:00:00
exploitdb
exploitdb
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
2018-06-22 00:00:00
phpMyAdmin 4.8.1 - Remote Code Execution (RCE)
2021-10-25 00:00:00
suse
suse
Security update for phpMyAdmin (important)
2018-06-23 15:10:01
Security update for phpMyAdmin (important)
2018-06-23 15:08:44
freebsd
freebsd
phpmyadmin -- remote code inclusion and XSS scripting
2018-06-21 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2019-04-15 00:00:00
mssecure
mssecure
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
mmpc
mmpc
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00