CVE-2018-12613 – phpMyAdmin - (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-12613
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). Se ha descubierto un problema en phpMyAdmin en versiones 4.38.3x anteriores a la 4.8.2 por el cual un atacante puede incluir (ver y, potencialmente, ejecutar) archivos en el servidor. La vulnerabilidad procede de una porción de código en el que las páginas se redirigen y cargan en phpMyAdmin y se realiza una prueba inadecuada para páginas en la lista blanca. • https://www.exploit-db.com/exploits/45020 https://www.exploit-db.com/exploits/50457 https://www.exploit-db.com/exploits/44928 https://www.exploit-db.com/exploits/44924 https://github.com/0x00-0x00/CVE-2018-12613 https://github.com/ivanitlearning/CVE-2018-12613 https://github.com/eastmountyxz/CVE-2018-12613-phpMyAdmin http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html http://www.securityfocus.com/bid/104532 https://security.gentoo.org/glsa/ • CWE-287: Improper Authentication •
CVE-2017-18264
https://notcve.org/view.php?id=CVE-2017-18264
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument. Se ha descubierto un problema en libraries/common.inc.php en phpMyAdmin en versiones 4.0 anteriores a la 4.0.10.20, 4.4.x, 4.6.x y 4.7.0 "prereleases". • http://www.securityfocus.com/bid/97211 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html https://www.phpmyadmin.net/security/PMASA-2017-8 •
CVE-2018-10188 – phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-10188
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. phpMyAdmin 4.8.0 en versiones anteriores a la 4.8.0-1 tiene Cross-Site Request Forgery (CSRF), que permite que un atacante ejecute instrucciones SQL arbitrarias. Esto está relacionado con js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php y sql.php. phpMyAdmin versions 4.8.0 prior to 4.8.0-1 suffer from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/44496 http://www.securityfocus.com/bid/103936 http://www.securitytracker.com/id/1040752 https://www.phpmyadmin.net/security/PMASA-2018-2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-7260
https://notcve.org/view.php?id=CVE-2018-7260
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad Cross-Site Scripting (XSS) en db_central_columns.php en phpMyAdmin, en versiones anteriores a la 4.7.8, permite que atacantes remotos autenticados inyecten scripts web o HTLM arbitrarios mediante una URL manipulada. • http://www.securityfocus.com/bid/103099 https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3 https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin https://www.phpmyadmin.net/security/PMASA-2018-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1000499 – phpMyAdmin 4.7.x - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-1000499
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Las versiones 4.7.x (anteriores a 4.7.6.1/4.7.7) de phpMyAdmin son vulnerables a una debilidad Cross-Site Request Forgery (CSRF). Al engañar a un usuario para que haga clic en una URL manipulada, es posible realizar operaciones dañinas para la base de datos, como el borrado de registros, anulación/truncado de tablas, etc. phpMyAdmin version 4.7.x suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/45284 https://github.com/Villaquiranm/5MMISSI-CVE-2017-1000499 http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click http://www.securitytracker.com/id/1040163 https://www.phpmyadmin.net/security/PMASA-2017-9 • CWE-352: Cross-Site Request Forgery (CSRF) •