The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
09 Feb 2024, 02:27
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject fedora
Fedoraproject Debian Debian debian Linux |
|
CWE | CWE-611 | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2011/11/03/5 - Mailing List | |
References | (SREASON) http://securityreason.com/securityalert/8533 - Broken Link | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=751112 - Exploit, Issue Tracking | |
References | (SECUNIA) http://secunia.com/advisories/46447 - Broken Link, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2011/11/03/3 - Mailing List | |
References | (MISC) http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt - Broken Link, Exploit | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html - Mailing List, Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/71108 - Third Party Advisory, VDB Entry | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:198 - Broken Link | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2011/Nov/21 - Exploit, Mailing List, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2012/dsa-2391 - Mailing List | |
References | (BID) http://www.securityfocus.com/bid/50497 - Broken Link, Third Party Advisory, VDB Entry | |
References | (MISC) http://www.wooyun.org/bugs/wooyun-2010-03185 - Broken Link, Exploit | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html - Mailing List, Third Party Advisory | |
References | (OSVDB) http://osvdb.org/76798 - Broken Link | |
CPE | cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.3:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.4:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.6:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8.1:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.1:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.2:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.2:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:* |
cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* |
Information
Published : 2011-11-17 19:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-4107
Mitre link : CVE-2011-4107
CVE.ORG link : CVE-2011-4107
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
phpmyadmin
- phpmyadmin
CWE
CWE-611
Improper Restriction of XML External Entity Reference