{"uuid": "dd9f91be-2fc3-4e53-8b53-572f0dc993b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-12613", "type": "seen", "source": "https://t.me/arpsyndicate/4879", "content": "#ExploitObserverAlert\n\nCVE-2018-12613\n\nDESCRIPTION: Exploit Observer has 73 entries in 16 file formats related to CVE-2018-12613. An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the \"$cfg['AllowArbitraryServer'] = true\" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the \"$cfg['ServerDefault'] = 0\" case (which bypasses the login requirement and runs the vulnerable code without any authentication).\n\nFIRST-EPSS: 0.974070000\nNVD-IS: 5.9\nNVD-ES: 2.8\nARPS-PRIORITY: 0.976755", "creation_timestamp": "2024-04-25T22:16:11.000000Z"}