1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: phpMyAdmin RFI CVE-2018-12613

Web Attack: phpMyAdmin RFI CVE-2018-12613

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote file inclusion vulnerability in phpMyAdmin.

Additional Information

phpMyAdmin is a PHP-based web application.

phpMyAdmin is prone to a remote file inclusion vulnerability. Specifically, this issue occurs because the application fails to properly test whitelisted pages. An attacker can exploit this issue to include files on the server.

An attacker can exploit this issue to include arbitrary remote files and execute arbitrary code on the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Affected

  • phpMyAdmin 4.8.0 and 4.8.1 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube