admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 09:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2018/CVE-2018-19968.md

21 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2018-19968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/SexyBeast233/SecBooks
- https://github.com/duckstroms/Web-CTF-Cheatsheet
- https://github.com/vulnspy/phpmyadmin-4.8.1-allowarbitraryserver
- https://github.com/w181496/Web-CTF-Cheatsheet
Reference in New Issue Copy Permalink