Description

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Remediation

References

CVE-2011-4107

Related Vulnerabilities

WordPress Plugin MapPress Maps for WordPress Cross-Site Request Forgery (2.53.8)

Oracle JRE CVE-2013-5824 Vulnerability (CVE-2013-5824)

WordPress Plugin WP Symposium SQL Injection (15.1)

Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-13632)

WordPress Plugin SnapApp Multiple Cross-Site Scripting Vulnerabilities (1.5)

Severity

Medium

Classification

CVE-2011-4107 CWE-611 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities