Published: 17/11/2011 Updated: 09/02/2024

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x prior to 3.4.7.1 and 3.3.x prior to 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpmyadmin phpmyadmin
fedoraproject fedora 16
fedoraproject fedora 15
fedoraproject fedora 14
debian debian linux 5.0

Debian Bug report logs - #656247 phpmyadmin: Local File Inclusion via XXE-injection (CVE-2011-4107) Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Tue, 17 Jan 2012 19:21:0 ...

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4107 The XML import plugin allowed a remote attacker to read arbitrary files via XML data containing external entity references CVE-2011-1940, CVE-201 ...

# Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection # Date: 12-01-2012 # Author: Marco Batista # Blog Link: wwwsecforcecom/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/ # Tested on: Windows and Linux - phpmyadmin versions: 336, 3310, 340, 345, 347 # CVE : CVE-2011-4107 requi ...

phpMyAdmin versions 33x and 34x suffer from a local file inclusion vulnerability via XXE injection The attacker must be logged in to MySQL via phpMyAdmin ...

CWE-611 http://osvdb.org/76798 http://www.securityfocus.com/bid/50497 http://seclists.org/fulldisclosure/2011/Nov/21 http://secunia.com/advisories/46447 http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php https://bugzilla.redhat.com/show_bug.cgi?id=751112 http://www.wooyun.org/bugs/wooyun-2010-03185 http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:198 http://securityreason.com/securityalert/8533 http://www.openwall.com/lists/oss-security/2011/11/03/3 http://www.openwall.com/lists/oss-security/2011/11/03/5 http://www.debian.org/security/2012/dsa-2391 https://exchange.xforce.ibmcloud.com/vulnerabilities/71108 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247 https://www.debian.org/security/./dsa-2391 https://nvd.nist.gov https://www.exploit-db.com/exploits/18371/

CVE-2011-4107

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect