phpMyAdmin Authenticated Remote Code Execution

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1. This module requires Metasploit: https://metasploit.com/download Current source:...

Fedora Update for phpMyAdmin FEDORA-2018-68349e3094

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 28 Update: phpMyAdmin-4.8.2-1.fc28

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

MGASA-2018-0304 Updated phpmyadmin packages fix security vulnerability

A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name...

Updated phpmyadmin packages fix security vulnerability

A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name...

phpMyAdmin 4.8.x < 4.8.2 Vulnerability (PMASA-2018-4)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.8.x prior to 4.8.2. It is, therefore, affected by the file inclusion and remote code execution vulnerabilities Note that Nessus has not attempted to exploit these issues but has instead...

phpMyAdmin File Inclusion Vulnerability (PMASA-2018-4) - Windows

phpMyAdmin is prone to a file inclusion vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin"; if...

phpMyAdmin Cross-Site Scripting Vulnerability (PMASA-2018-3) - Windows

phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

phpMyAdmin File Inclusion Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin. An...

phpMyAdmin File Inclusion Vulnerability (PMASA-2018-4) - Linux

phpMyAdmin is prone to a file inclusion vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin"; if...

phpMyAdmin Cross-Site Scripting Vulnerability (PMASA-2018-3) - Linux

phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

openSUSE Security Update : phpMyAdmin (openSUSE-2018-669)

This update for phpMyAdmin fixes multiple issues. Security issues fixed : - CVE-2018-12613: File inclusion and remote code execution attack boo1098751 - CVE-2018-12581: XSS in Designer feature boo1098752 This update to version 4.8.2 also contains number of upstream bug fixes and improvements...

FreeBSD : phpmyadmin -- remote code inclusion and XSS scripting (17cb6ff3-7670-11e8-8854-6805ca0b3d42)

The phpMyAdmin development team reports : Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially crafted database name. Severity We consider this attack to be of...

openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2018:1806-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for phpMyAdmin (important)

This update for phpMyAdmin fixes multiple issues. Security issues fixed: CVE-2018-12613: File inclusion and remote code execution attack boo1098751 CVE-2018-12581: XSS in Designer feature boo1098752 This update to version 4.8.2 also contains number of upstream bug fixes and improvements...

Security update for phpMyAdmin (important)

This update for phpMyAdmin fixes multiple issues. Security issues fixed: CVE-2018-12613: File inclusion and remote code execution attack boo1098751 CVE-2018-12581: XSS in Designer feature boo1098752 This update to version 4.8.2 also contains number of upstream bug fixes and improvements...

Remote Code Execution (RCE) Through File Inclusion

phpmyadmin is vulnerable to remote code execution RCE attacks. The application does not properly check page validity when they are loaded or redirected, allowing a malicious user to view and execute files on the server...

Cross-site Scripting (XSS)

phpmyadmin is vulnerable to cross-site scripting XSS attacks. A malicious user can use the database variable to inject and execute arbitrary Javascript when the database variable is called through the designer feature...

phpMyAdmin 4.8.1 Code Execution / Local File Inclusion

Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)

phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 2 Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link:...