Launchpad CVE tracker

CVE 2011-4107

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

See the

CVE page on Mitre.org for more details.

References

MISC: http://packetstormsecu...
MISC: http://www.wooyun.org/...
MISC: https://bugzilla.redha...
MISC: http://seclists.org/fu...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://osvdb.org/76798
MISC: http://securityreason....
MISC: http://www.debian.org/...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.mandriva.co...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://www.phpmyadmin....
MISC: https://exchange.xforc...

Launchpad.net

CVE 2011-4107

Related bugs

References