CVE-2011-4107

CVSS 6.5 - MEDIUM

Description

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Affected Products

6

Vendor	Product	Version
phpmyadmin	phpmyadmin	`All versions`
phpmyadmin	phpmyadmin	`All versions`
fedoraproject	fedora	`14`
fedoraproject	fedora	`15`
fedoraproject	fedora	`16`
debian	debian_linux	`5.0`

References

http://lists.fedoraproject.org/pipermail/package-a...

http://lists.fedoraproject.org/pipermail/package-a...

http://lists.fedoraproject.org/pipermail/package-a...

http://osvdb.org/76798

http://packetstormsecurity.org/files/view/106511/p...

http://seclists.org/fulldisclosure/2011/Nov/21

http://secunia.com/advisories/46447

http://securityreason.com/securityalert/8533

http://www.debian.org/security/2012/dsa-2391

http://www.mandriva.com/security/advisories?name=M...

http://www.openwall.com/lists/oss-security/2011/11...

http://www.openwall.com/lists/oss-security/2011/11...

http://www.phpmyadmin.net/home_page/security/PMASA...

http://www.securityfocus.com/bid/50497

http://www.wooyun.org/bugs/wooyun-2010-03185

https://bugzilla.redhat.com/show_bug.cgi?id=751112

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

http://lists.fedoraproject.org/pipermail/package-a...

http://lists.fedoraproject.org/pipermail/package-a...

http://lists.fedoraproject.org/pipermail/package-a...

Weakness Types

CWE-611

CVE Information

CVE ID:: CVE-2011-4107
Published:: 2011-11-17
Modified:: 2026-04-29
CVSS Score:: 6.5
Severity:: MEDIUM
Vector:: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Vendors

fedoraproject debian phpmyadmin

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL