Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-4107

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Published

2011-11-17T19:55:01.517

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	phpmyadmin	phpmyadmin	< 3.3.10.5	Yes
Application	phpmyadmin	phpmyadmin	< 3.4.7.1	Yes
Operating System	fedoraproject	fedora	14	Yes
Operating System	fedoraproject	fedora	15	Yes
Operating System	fedoraproject	fedora	16	Yes
Operating System	debian	debian_linux	5.0	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html Mailing List, Third Party Advisory ([email protected])
http://osvdb.org/76798 Broken Link ([email protected])
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt Broken Link, Exploit ([email protected])
http://seclists.org/fulldisclosure/2011/Nov/21 Exploit, Mailing List, Third Party Advisory ([email protected])
http://secunia.com/advisories/46447 Broken Link, Vendor Advisory ([email protected])
http://securityreason.com/securityalert/8533 Broken Link ([email protected])
http://www.debian.org/security/2012/dsa-2391 Mailing List ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198 Broken Link ([email protected])
http://www.openwall.com/lists/oss-security/2011/11/03/3 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2011/11/03/5 Mailing List ([email protected])
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/50497 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.wooyun.org/bugs/wooyun-2010-03185 Broken Link, Exploit ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=751112 Exploit, Issue Tracking ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108 Third Party Advisory, VDB Entry ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/76798 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt Broken Link, Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2011/Nov/21 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/46447 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/8533 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2012/dsa-2391 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2011/11/03/3 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2011/11/03/5 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/50497 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.wooyun.org/bugs/wooyun-2010-03185 Broken Link, Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=751112 Exploit, Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)