Description

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Remediation

References

CVE-2011-4107

Related Vulnerabilities

WordPress 3.7.x Possible SQL Injection Vulnerability (3.7 - 3.7.22)

Python Improper Input Validation Vulnerability (CVE-2023-27043)

Liferay DXP Other Vulnerability (CVE-2024-26270)

WordPress Plugin WordPress Bitcoin Payments-Blockonomics Cross-Site Scripting (3.2)

WordPress Plugin Ultimate Tag Cloud Widget Unspecified Vulnerability (2.3)

Severity

Medium

Classification

CVE-2011-4107 CWE-611 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities