SUSE CVE-2018-12613

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include view and potentially execute files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An...

phpMyAdmin 4.8.1 Remote Code Execution

Exploit Title: phpMyAdmin 4.8.1 - Remote Code Execution RCE Date: 17/08/2021 Exploit Author: samguy Vulnerability Discovery By: ChaMd5 & Henry Huang Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.1 Tested o...

phpMyAdmin 4.8.1 - Remote Code Execution Exploit

Exploit Title: phpMyAdmin 4.8.1 - Remote Code Execution RCE Exploit Author: samguy Vulnerability Discovery By: ChaMd5 & Henry Huang Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.1 Tested on: Linux - Debian...

openSUSE Security Update : phpMyAdmin (openSUSE-2019-490)

This update for phpMyAdmin fixes multiple issues. Security issues fixed : - CVE-2018-12613: File inclusion and remote code execution attack boo1098751 - CVE-2018-12581: XSS in Designer feature boo1098752 This update to version 4.8.2 also contains number of upstream bug fixes and improvements...

phpMyAdmin 4.8.1 Authenticated Local File Inclusion

Exploit Title: phpMyAdmin 4.8.1 - Authenticated Local File Inclusion Date: 27-11-2018 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.phpmyadmin.net/ Software Link:...

phpMyAdmin 4.8.1 Authenticated Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: phpMyAdmin 4.8.1 - Authenticated Local File Inclusion Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.phpmyadmin.net/ Software...

Exploit for Improper Authentication in Phpmyadmin

CVE-2018-12613 Local file inclusion bug due to filter bypass u...

phpMyAdmin index.php Local File Inclusion (CVE-2018-12613)

A local file inclusion vulnerability exists in phpMyAdmin. The vulnerability is due to improper sanitization of the request URI. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to information...

phpMyAdmin Authenticated Remote Code Execution Exploit

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1. This module requires Metasploit: https://metasploit.com/download Current source:...

phpMyAdmin 4.8.x < 4.8.2 Vulnerability (PMASA-2018-4)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.8.x prior to 4.8.2. It is, therefore, affected by the file inclusion and remote code execution vulnerabilities Note that Nessus has not attempted to exploit these issues but has instead...

openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2018:1806-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for phpMyAdmin (important)

This update for phpMyAdmin fixes multiple issues. Security issues fixed: CVE-2018-12613: File inclusion and remote code execution attack boo1098751 CVE-2018-12581: XSS in Designer feature boo1098752 This update to version 4.8.2 also contains number of upstream bug fixes and improvements...

phpMyAdmin 4.8.1 Code Execution / Local File Inclusion

Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)

phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 2 Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link:...

phpMyAdmin 4.8.1 Code Execution / Local File Inclusion Vulnerabilities

Exploit for php platform in category web applications Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0...

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)

Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...

CVE-2018-12613

phpMyAdmin 4.8.x before 4.8.2 is affected. The issue arises from a flow where pages are redirected/loaded within phpMyAdmin and an improper test for whitelisted pages enables including (and potentially executing) server files. An attacker must be authenticated, except when cfg.AllowArbitraryServe...

CVE-2018-12613

creationtimestamp| type| source ---|---|--- 2018-06-21 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44924 2018-06-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44928 2018-06-25 07:38:40+00:00| published-proof-of-concept| https://t.me/antichat/1642 2018-07-11...

File inclusion and remote code execution attack

PMASA-2018-4 Announcement-ID: PMASA-2018-4 Date: 2018-06-19 Updated: 2018-06-21 Summary File inclusion and remote code execution attack Description A flaw has been discovered where an attacker can include view and potentially execute files on the server. The vulnerability comes from a portion of...