#VU13418 PHP file inclusion in phpMyAdmin - CVE-2018-12613

Cybersecurity Help s.r.o.

Published: 2018-06-21 | Updated: 2021-11-25

Vulnerability identifier: #VU13418

Vulnerability risk: High

CVSSv4.0: 9.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2018-12613

CWE-ID: CWE-98

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
phpMyAdmin
Web applications / Remote management & hosting panels

Vendor: phpMyAdmin

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insecure handling of file path before including a php files. A remote authenticated attacker can include and execute arbitrary PHP file from a remote location. This vulnerability can be also exploited by a remote non-authenticated attacker if phpMyAdmin is configured with one of the following options:

$cfg['AllowArbitraryServer'] = true
$cfg['ServerDefault'] = 0

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation
Update to version 4.8.2.

Vulnerable software versions

phpMyAdmin: 4.8.0 - 4.8.1

External links
https://www.phpmyadmin.net/security/PMASA-2018-4/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Gentoo update for phpMyAdmin

PHP file inclusion in phpmyadmin (Alpine package)

SUSE Linux update for phpMyAdmin

Multiple vulnerabilities in phpMyAdmin