An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).

The version of phpMyAdmin installed on the remote host does not correctly handle page redirections and an improper test for allowed pages leading to execution of arbitrary code and/or view sensitive files. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201904-16 (phpMyAdmin: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in phpMyAdmin. Please       review the CVE identifiers referenced below for details.
  Impact :

    Please review the CVE identifiers referenced below for details.
  Workaround :

    There is no known workaround at this time.

This update for phpMyAdmin fixes multiple issues.

Security issues fixed :

  - CVE-2018-12613: File inclusion and remote code execution     attack (boo#1098751)

  - CVE-2018-12581: XSS in Designer feature (boo#1098752)

This update to version 4.8.2 also contains number of upstream bug fixes and improvements.

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.8.x prior to 4.8.2. It is, therefore, affected by the file inclusion and remote code execution vulnerabilities

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The phpMyAdmin development team reports : Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially crafted database name. Severity We consider this attack to be of moderate severity. Summary File inclusion and remote code execution attack Description A flaw has been discovered where an attacker can include (view and potentially execute) files on the server.

The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages.

An attacker must be authenticated, except in these situations :

- $cfg['AllowArbitraryServer'] = true: attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin

- $cfg['ServerDefault'] = 0: this bypasses the login and runs the vulnerable code without any authentication Severity We consider this to be severe. Mitigation factor Configuring PHP with a restrictive `open_basedir` can greatly restrict an attacker's ability to view files on the server. Vulnerable systems should not be run with the phpMyAdmin directives $cfg['AllowArbitraryServer'] = true or $cfg['ServerDefault'] = 0

ID	Name	Product	Family	Severity
113289	phpMyAdmin 4.8.x < 4.8.2 Remote Code Execution	Web App Scanning	Component Vulnerability	high
124072	GLSA-201904-16 : phpMyAdmin: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
123202	openSUSE Security Update : phpMyAdmin (openSUSE-2019-490)	Nessus	SuSE Local Security Checks	high
110722	phpMyAdmin 4.8.x < 4.8.2 Vulnerability (PMASA-2018-4)	Nessus	CGI abuses	high
110680	openSUSE Security Update : phpMyAdmin (openSUSE-2018-669)	Nessus	SuSE Local Security Checks	high
110675	FreeBSD : phpmyadmin -- remote code inclusion and XSS scripting (17cb6ff3-7670-11e8-8854-6805ca0b3d42)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2018-12613

high

Tenable Plugins

high

high

high

high

high

high