QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4107

Published: Nov 17, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

phpmyadmin-xml-info-disclosure(71108)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

FEDORA-2011-15846

vendor-advisory

x_refsource_FEDORA

[oss-security] 20111103 Re: CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files

mailing-list

x_refsource_MLIST

20111102 PhpMyAdmin Arbitrary File Reading

mailing-list

x_refsource_FULLDISC

http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

FEDORA-2011-15831

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_MANDRIVA

https://bugzilla.redhat.com/show_bug.cgi?id=751112

x_refsource_MISC

third-party-advisory

x_refsource_SREASON

[oss-security] 20111103 CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files

mailing-list

x_refsource_MLIST

http://www.wooyun.org/bugs/wooyun-2010-03185

x_refsource_MISC

http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt

x_refsource_MISC

FEDORA-2011-15841

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.