Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-12613

Опубликовано: 21 июн. 2018
Источник: ubuntu
Приоритет: medium
EPSS Критический
CVSS2: 6.5
CVSS3: 8.8

Описание

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

code not present
devel

not-affected

code not present
esm-apps/bionic

not-affected

code not present
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
precise/esm

DNE

trusty

not-affected

code not present
trusty/esm

not-affected

code not present
upstream

released

4.8.2

Показывать по

EPSS

Процентиль: 100%
0.94137
Критический

6.5 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVSS3: 8.8
nvd
около 7 лет назад

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).

CVSS3: 8.8
debian
около 7 лет назад

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an ...

CVSS3: 8.8
github
около 3 лет назад

phpMyAdmin Improper Authentication

CVSS3: 8.8
fstec
около 7 лет назад

Уязвимость веб-приложения для администрирования cистем управления базами данных phpMyAdmin, связанная с недостатками процедуры аутентификации, позволяющая нарушителю просматривать и выполнять файлы на сервере

suse-cvrf
около 7 лет назад

Security update for phpMyAdmin

EPSS

Процентиль: 100%
0.94137
Критический

6.5 Medium

CVSS2

8.8 High

CVSS3