PT-2018-1938 · Phpmyadmin+2

Henry Huang · Published 2018-06-19 · Updated 2025-12-15 · CVE-2018-12613

CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

phpMyAdmin versions 4.8.0 through 4.8.1

Description

An issue was discovered in phpMyAdmin where an attacker can include and potentially execute files on the server due to improper testing for whitelisted pages during page redirection and loading within phpMyAdmin. The attacker must be authenticated, except in cases where $cfg['AllowArbitraryServer'] = true or $cfg['ServerDefault'] = 0, which can bypass login requirements or allow arbitrary code execution.

Recommendations

For phpMyAdmin versions 4.8.0 through 4.8.1, update to version 4.8.2 or later to resolve the issue. As a temporary workaround, consider disabling the $cfg['AllowArbitraryServer'] and $cfg['ServerDefault'] = 0 configurations to minimize the risk of exploitation. Restrict access to sensitive files and directories on the server to prevent potential execution by an attacker.
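
The check described in the recommendations can be scripted. The following is an added example, not code from phpMyAdmin or from this advisory: it takes a version string and the text of a config.inc.php and reports the affected range plus the two settings named above. The function names and the sample config are constructed, and the fallback values (false and 1) assume phpMyAdmin's documented defaults.

```python
import re

# Added example: names and the sample config below are constructed for illustration.
SETTING = r"^\s*\$cfg\[['\"]{name}['\"]\]\s*=\s*([^;]+?)\s*;"

def parse_version(text):
    """Turn '4.8.1' into (4, 8, 1), padding short versions with zeros."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def version_affected(text):
    """Affected range stated in the advisory: 4.8.0 through 4.8.1."""
    return (4, 8, 0) <= parse_version(text) <= (4, 8, 1)

def read_setting(config, name, default):
    """Return the last uncommented assignment of $cfg[name], or the default."""
    config = re.sub(r"/\*.*?\*/", "", config, flags=re.S)  # drop block comments
    # Lines starting with // or # never match, because the pattern is
    # anchored to the start of the line.
    hits = re.findall(SETTING.format(name=name), config, flags=re.M)
    return hits[-1].strip("'\"").lower() if hits else default

def audit(version, config):
    """List findings relevant to CVE-2018-12613 for one installation."""
    findings = []
    if not version_affected(version):
        return findings
    findings.append("version in affected range: update to 4.8.2 or later")
    # Assumed defaults when the setting is absent: false and 1.
    if read_setting(config, "AllowArbitraryServer", "false") == "true":
        findings.append("AllowArbitraryServer = true: no authentication needed")
    if read_setting(config, "ServerDefault", "1") == "0":
        findings.append("ServerDefault = 0: no authentication needed")
    return findings

# Constructed sample config, not taken from a real installation.
SAMPLE_CONFIG = """<?php
/* $cfg['AllowArbitraryServer'] = false; */
$cfg['AllowArbitraryServer'] = true;
// $cfg['ServerDefault'] = 0;
$cfg['ServerDefault'] = 1;
"""

if __name__ == "__main__":
    for finding in audit("4.8.1", SAMPLE_CONFIG):
        print(finding)
```

The parser is line-based and does not evaluate PHP, so settings assigned through included files or variables are not seen.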

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

ALT-PU-2018-1925
BDU:2018-01545
CVE-2018-12613
GHSA-X394-G9J8-X7MF
OPENSUSE-SU-2018_1806-1
OPENSUSE-SU-2024:11171-1

Affected Products

Alt Linux
Suse
Phpmyadmin