PhpMyAdmin 4.8.2 Crack
This page contains detailed information about how to use the auxiliary/scanner/http/phpmyadmin_login metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
phpMyAdmin 4.8.2 Crack
Name: PhpMyAdmin Login ScannerModule: auxiliary/scanner/http/phpmyadmin_loginSource code: modules/auxiliary/scanner/http/phpmyadmin_login.rbDisclosure date: -Last modification time: 2021-08-31 17:10:07 +0000Supported architecture(s): -Supported platform(s): -Target service / protocol: http, httpsTarget network port(s): 80, 443, 3000, 8000, 8008, 8080, 8443, 8880, 8888List of CVEs: -
This page contains detailed information about the phpMyAdmin 4.8.x Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.
ID: 110722Name: phpMyAdmin 4.8.x Filename: phpmyadmin_pmasa_2018_4.naslVulnerability Published: 2018-06-21This Plugin Published: 2018-06-27Last Modification Time: 2022-04-11Plugin Version: 1.9Plugin Type: remotePlugin Family: CGI abusesDependencies: phpMyAdmin_detect.naslRequired KB Items [?]: installed_sw/phpMyAdmin, Settings/ParanoidReport, www/PHP
Severity: HighVulnerability Published: 2018-06-21Patch Published: 2018-06-21CVE [?]: CVE-2018-12613CPE [?]: cpe:/a:phpmyadmin:phpmyadmin
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.8.x prior to 4.8.2. It is, therefore, affected by the file inclusion and remote code execution vulnerabilities
This is the phpmyadmin_pmasa_2018_4.nasl nessus plugin source code. This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.#%NASL_MIN_LEVEL 70300## (C) Tenable Network Security, Inc.#include('deprecated_nasl_level.inc');include('compat.inc');if (description) script_id(110722); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11"); script_cve_id("CVE-2018-12613"); script_bugtraq_id(104532); script_name(english:"phpMyAdmin 4.8.x
The latest version of this script can be found in these locations depending on your platform:Linux / Unix:/opt/nessus/lib/nessus/plugins/phpmyadmin_pmasa_2018_4.nasl
Mac OS X:/Library/Nessus/run/lib/nessus/plugins/phpmyadmin_pmasa_2018_4.nasl
This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.Plugin file phpmyadmin_pmasa_2018_4.nasl version 1.9. For more plugins, visit the Nessus Plugin Library.
With the database password, an attacker could attempt to login as the WordPress admin using the same password (if passwords were re-used). A more common attack vector would be to login to the phpmyadmin script if installed, as this uses the database credentials. If MySQL is exposed, it may even possible to directly connect to the database using a MySQL database client and the leaked credentials.
Access to the database provides the attacker options to reset the administrator password, attempt to crack the admin hash, modify content in the database, adding malicious js or iframes. There are many possibilities for further exploitation once the credentials in wp-config.php are leaked.
ID: 138595Name: phpMyAdmin 4.x Filename: phpmyadmin_pmasa_2020_1.naslVulnerability Published: 2020-01-05This Plugin Published: 2020-07-17Last Modification Time: 2022-04-11Plugin Version: 1.3Plugin Type: remotePlugin Family: CGI abusesDependencies: phpMyAdmin_detect.naslRequired KB Items [?]: installed_sw/phpMyAdmin, www/PHP
Severity: HighVulnerability Published: 2020-01-05Patch Published: 2020-01-05CVE [?]: CVE-2020-5504CPE [?]: cpe:/a:phpmyadmin:phpmyadmin
This is the phpmyadmin_pmasa_2020_1.nasl nessus plugin source code. This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.#%NASL_MIN_LEVEL 70300## (C) Tenable Network Security, Inc.#include('deprecated_nasl_level.inc');include('compat.inc');if (description) script_id(138595); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11"); script_cve_id("CVE-2020-5504"); script_name(english:"phpMyAdmin 4.x 350c69d7ab