CVE-2018-12613: Improper Authentication

June 21, 2018 (updated April 26, 2019)

An issue was discovered in phpMyAdm in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for allowed pages.

References

www.securityfocus.com/bid/104532
nvd.nist.gov/vuln/detail/CVE-2018-12613
www.exploit-db.com/exploits/44924/
www.exploit-db.com/exploits/44928/
www.exploit-db.com/exploits/45020/
www.phpmyadmin.net/security/PMASA-2018-4/

Code Behaviors & Features

Detect and mitigate CVE-2018-12613 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →