Allele Security Alert
ASA-2018-00071, CVE-2018-19968, PMASA-2018-6
Local file inclusion through transformation feature
The phpMyAdmin Project
phpMyAdmin versions from at least 4.0 through 4.8.3 are affected
Proof of concept
A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.
Daniel Le Gall
Security fix: phpMyAdmin 4.8.4 is released
phpMyAdmin – Security – PMASA-2018-6
Remove transformation plugin includes
phpMyAdmin (AllowArbitraryServer) Arbitrary File Read Vulnerability
Rogue-MySql-Server/rogue_mysql_server.py at master · Gifts/Rogue-MySql-Server
If there is any error in this alert or you would like a comprehensive analysis, let us know.
Last modified: January 29, 2019