Main Vulnerability Database Exploits ID:7044 - Exploit for PHP file inclusion in phpMyAdmin - CVE-2018-12613

ID:7044 - Exploit for PHP file inclusion in phpMyAdmin - CVE-2018-12613

Published: November 25, 2021

Vulnerability identifier: #VU13418

Vulnerability risk: High

CVE-ID: CVE-2018-12613

CWE-ID: CWE-98

Exploitation vector: Remote access

Vulnerable software:
phpMyAdmin

Link to public exploit:

https://www.exploit-db.com/exploits/50457/

Vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insecure handling of file path before including a php files. A remote authenticated attacker can include and execute arbitrary PHP file from a remote location. This vulnerability can be also exploited by a remote non-authenticated attacker if phpMyAdmin is configured with one of the following options:

$cfg['AllowArbitraryServer'] = true
$cfg['ServerDefault'] = 0

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Update to version 4.8.2.

ID:7044 - Exploit for PHP file inclusion in phpMyAdmin - CVE-2018-12613

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human