Description
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Remediation
References
Related Vulnerabilities
WordPress Improper Input Validation Vulnerability (CVE-2020-35539)
Piwigo Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-26267)
WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.2.8)
PHP Other Vulnerability (CVE-2003-0097)
WordPress Plugin Banner Cycler Cross-Site Request Forgery (1.4)