6.5

CVE-2011-4107

Exploit
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version >= 3.3.0.0 < 3.3.10.5
PhpmyadminPhpmyadmin Version >= 3.4.0.0 < 3.4.7.1
FedoraprojectFedora Version14
FedoraprojectFedora Version15
FedoraprojectFedora Version16
DebianDebian Linux Version5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.67% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://www.debian.org/security/2012/dsa-2391
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
Third Party Advisory
Mailing List
http://osvdb.org/76798
Broken Link
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
Exploit
Broken Link
http://seclists.org/fulldisclosure/2011/Nov/21
Third Party Advisory
Exploit
Mailing List
http://secunia.com/advisories/46447
Vendor Advisory
Broken Link
http://securityreason.com/securityalert/8533
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198
Broken Link
http://www.openwall.com/lists/oss-security/2011/11/03/3
Mailing List
http://www.openwall.com/lists/oss-security/2011/11/03/5
Mailing List
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
Patch
Vendor Advisory
http://www.securityfocus.com/bid/50497
Third Party Advisory
Broken Link
VDB Entry
http://www.wooyun.org/bugs/wooyun-2010-03185
Exploit
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=751112
Exploit
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
Third Party Advisory
VDB Entry