HTTP: phpMyAdmin tbl_replace.php Local File Inclusion
This signature detects attempts to exploit a known vulnerability against phpMyAdmin. Successful exploitation could lead to information disclosure.
Extended Description
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.
Affected Products
Debian debian_linux
Short Name
HTTP:PHP:PHPMYADMIN:FILE-INC
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-19968 File Inclusion Local phpMyAdmin tbl_replace.php
Release Date
02/15/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Phpmyadmin
Debian
CVSS Score
4.0