Exploit for #VU13418 PHP file inclusion in phpMyAdmin

Published: 2020-03-18 | Updated: 2021-11-25

Vulnerability identifier: #VU13418

Vulnerability risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2018-12613

CWE-ID: CWE-98

Exploitation vector: Network

Exploits in database: 7

November 25, 2021
- phpMyAdmin 4.8.1 - Remote Code Execution (RCE) [Exploit-DB]
June 17, 2021
- phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2) [Exploit-DB]
March 18, 2020
- CVE-2018-12613 (Modified standalone exploit ported for Python 3) [Github]
- CVE-2018-12613 (PHPMyAdmin v4.8.0 and v.4.8.1 LFI exploit) [Github]
- CVE-2018-7422 (Wordpress plugin Site-Editor v1.1.1 LFI exploit) [Github]
- CVE-2018-10517 (CMS Made Simple 2.2.7 RCE exploit) [Github]
- phpMyAdmin Authenticated Remote Code Execution [Metasploit]

Impact: Code execution

Vulnerable software:
phpMyAdmin
Web applications / Remote management & hosting panels

Vendor: phpMyAdmin