Published: 21/06/2018 Updated: 26/04/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 710
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

An issue exists in phpMyAdmin 4.8.x prior to 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

phpmyadmin phpmyadmin


The latest version downloaded from the official website, the file name is phpMyAdmin-481-all-languageszip The problem appears in /indexphp Find 55~63 lines Line 61 contains include $_REQUEST['target']; This is obviously LFI precursor, as long as we bypass the 55 to 59 restrictions on the line Line 57 restricts the target parameter from beg ...
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'phpMyAdmi ...
# Exploit Title: phpMyAdmin 481 - Local File Inclusion to Remote Code Execution # Date: 2018-06-21 # Exploit Author: VulnSpy # Vendor Homepage: wwwphpmyadminnet # Software Link: githubcom/phpmyadmin/phpmyadmin/archive/RELEASE_4_8_1targz # Version: 480, 481 # Tested on: php7 mysql5 # CVE : CVE-2018-12613 1 Run SQL Query : ...

Mailing Lists

phpMyAdmin version 481 suffers from a local file inclusion vulnerability that can lead to code execution ...
phpMyAdmin version 481 authenticated local file inclusion proof of concept exploits ...

Metasploit Modules

phpMyAdmin Authenticated Remote Code Execution

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.

msf > use exploit/multi/http/phpmyadmin_lfi_rce
      msf exploit(phpmyadmin_lfi_rce) > show targets
      msf exploit(phpmyadmin_lfi_rce) > set TARGET <target-id>
      msf exploit(phpmyadmin_lfi_rce) > show options
            ...show and set options...
      msf exploit(phpmyadmin_lfi_rce) > exploit

Github Repositories


2019年CISCN华南赛区部分web题目备份 介绍 2019年CISCN华南赛区部分web题目备份 时间比较久了,这是fix后的,凭着印象改回原先存在漏洞的版本了 web1~web7为第一天的 web8~web11为第二天的 web2rar是web2的原题目,github无法添加含有git的文件夹,故此打包备份 部分提示 web1-&gt;RCE web2-&gt;SQL

Modified standalone exploit ported for Python 3

CVE-2018-12613 Modified standalone exploit ported to Python 3 Tested on Python 373, phpMyAdmin 481 running on Ubuntu 1604 Works on Linux only Original exploit by SSD All credits to them Changes made Added function to exit if provided phpMyAdmin username/password is correct Added function to check if version is vulnerable (480 or 481) Converted variables to either

Wordpress plugin Site-Editor v1.1.1 LFI exploit

CVE-2018-12613 Local file inclusion bug due to no sanitization of user input Software Affected Wordpress Plugin: Site-Editor v111; How to use This PowerShell scripts need two parameters to craft a exploit HTTP request: 1 Wordpress URL endpoint 2 A full path file to be retrieved in remote server Example Prepare all the parameters to use the script: Then file is retriev

这篇文章将分享一个phpMyAdmin 4.8.1版本的文件包含漏洞,从配置到原理,再到漏洞复现进行讲解,更重要的是让大家了解这些真实漏洞背后的知识。基础性文章,希望对您有所帮助!

CVE-2018-12613-phpMyAdmin 这篇文章将分享一个phpMyAdmin 481版本的文件包含漏洞,从配置到原理,再到漏洞复现进行讲解,更重要的是让大家了解这些真实漏洞背后的知识。基础性文章,希望对您有所帮助!

CMS Made Simple 2.2.7 RCE exploit

CVE-2018-12613 Authenticated remote command execution by uploading a fake module, dropping PHP files on remote web server Software Affected CMS Made Simple 227; How to use This PowerShell scripts need two parameters to craft a exploit HTTP request: 1 CMS Made Simple URL endpoint; 2 Cookies for unauthenticated user; 2 A command string to be executed in the remote system

cerberScan 漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿

一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Cerberus 一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安

Project Description Collection of quality safety articles collection-document awesome Table of Contents Github-list 预警&amp;研究 ImageMagick WordPress 杂 安全部 建设 加固 响应 溯源 威胁情报 综合 SRC 总结 国外SRC文章 信息收集 渗透 靶场 技巧 内网 hash 票据 代理转发 内网平台 内网收集 内网技巧


CSDNBlog-Security-Based 为了更好地管理博客文章,分享更好的知识,该系列资源为作者CSDN博客的备份文件。本资源为网络安全自学篇,包括作者安全工具利用、Web渗透、系统安全、CVE漏洞复现、安全论文及会议等知识,希望对您有所帮助!一起加油。 作者:CSDN Eastmount xiuzhang 博客:blo

记录在漏洞研究过程中编写的 POC/EXP

vuln_Exploit 记录在漏洞研究过程中编写的 POC/EXP (部分 POC/EXP 因为工作原因不能公开) Shiro rememberMe 生成 Shiro 550 Weblogic WebLogic &lt; 1036 反序列化漏洞(CVE-2017-10271) WebLogic 管理控制台未授权访问(CVE-2020-14882) WebLogic 管理控制台命令执行(CVE-2020-14883) phpMyAdmin phpMyAdmin Remote Code Exec

CSDNBlog-Security-Based 为了更好地管理博客文章,分享更好的知识,该系列资源为作者CSDN博客的备份文件,共100篇。本资源为网络安全自学篇,包括作者安全工具利用、Web渗透、系统安全、CVE漏洞复现、安全论文及会议等知识,希望对您有所帮助!一起加油。 作者:CSDN Eastmount xiuzhang 博客

Collection of quality safety articles

Project Description Collection of quality safety articles(To be rebuilt) collection-document awesome Some are inconvenient to release Some forget update,can see me star 以前的链接中大多不是优质的 渗透测试部分不再更新 因精力有限,缓慢更新 Author: [tom0li] Blog: tom0ligithubio Table of Contents Github-list 预警&a

Historical loopholes

漏洞引擎 漏洞收集整理,未经作者本人同意,谢绝转载。本文采用自己文章+外链合成,外链在文末注明来源!如有侵权请联系本人删除。所有漏洞提供漏洞利用文章和利用脚本,整理在我小密圈,链接如下: 点 击这 里就可 以拿到文 章和利用poc 最新最热 |@CVE-2019-0193_Apache Solr 远程命

hacking tools awesome lists

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx OCaml Objective-C Objective-C++ Others PHP PLSQL P


Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP ActionScript Arduino Assembly AutoHotkey Batchfile BitBake Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang F# Game Maker Language Go HCL HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Nim OCaml Objective-C Objecti

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr