Lucene search

RedhatCVE-2011-4107

HistoryNov 17, 2011 - 7:55 p.m.

CVE-2011-4107

2011-11-1719:55:01

CWE-611

redhat

web.nvd.nist.gov

phpmyadmin

xml

plug-in

security

vulnerability

remote

authenticated

xxe

injection

nvd

cve-2011-4107

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.09

Percentile

94.7%

JSON

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Affected configurations

Nvd

Node

phpmyadminphpmyadminRange3.3.0.0–3.3.10.5

phpmyadminphpmyadminRange3.4.0.0–3.4.7.1

Node

fedoraprojectfedoraMatch14

fedoraprojectfedoraMatch15

fedoraprojectfedoraMatch16

Node

debiandebian_linuxMatch5.0

VendorProductVersionCPE
phpmyadminphpmyadmin*cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
fedoraprojectfedora14cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
fedoraprojectfedora15cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
fedoraprojectfedora16cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
debiandebian_linux5.0cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	*	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
fedoraproject	fedora	14	cpe:2.3:o:fedoraproject:fedora:14:::::::*
fedoraproject	fedora	15	cpe:2.3:o:fedoraproject:fedora:15:::::::*
fedoraproject	fedora	16	cpe:2.3:o:fedoraproject:fedora:16:::::::*
debian	debian_linux	5.0	cpe:2.3:o:debian:debian_linux:5.0:::::::*