The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
09 Feb 2024, 02:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8.1:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.2:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.1:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.6:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.3:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.2:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:* |
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:* cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
CWE | CWE-611 | |
First Time |
Debian
Fedoraproject Debian debian Linux Fedoraproject fedora |
|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html - Mailing List, Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html - Mailing List, Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html - Mailing List, Third Party Advisory | |
References | () http://osvdb.org/76798 - Broken Link | |
References | () http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt - Broken Link, Exploit | |
References | () http://seclists.org/fulldisclosure/2011/Nov/21 - Exploit, Mailing List, Third Party Advisory | |
References | () http://secunia.com/advisories/46447 - Broken Link, Vendor Advisory | |
References | () http://securityreason.com/securityalert/8533 - Broken Link | |
References | () http://www.debian.org/security/2012/dsa-2391 - Mailing List | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2011:198 - Broken Link | |
References | () http://www.openwall.com/lists/oss-security/2011/11/03/3 - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2011/11/03/5 - Mailing List | |
References | () http://www.securityfocus.com/bid/50497 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.wooyun.org/bugs/wooyun-2010-03185 - Broken Link, Exploit | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=751112 - Exploit, Issue Tracking | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/71108 - Third Party Advisory, VDB Entry |
Information
Published : 2011-11-17 19:55
Updated : 2024-02-09 02:27
NVD link : CVE-2011-4107
Mitre link : CVE-2011-4107
CVE.ORG link : CVE-2011-4107
JSON object : View
Products Affected
fedoraproject
- fedora
phpmyadmin
- phpmyadmin
debian
- debian_linux
CWE
CWE-611
Improper Restriction of XML External Entity Reference