6.5
CVE-2011-4107
- EPSS 12.18%
- Veröffentlicht 17.11.2011 19:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpmyadmin ≫ Phpmyadmin Version >= 3.3.0.0 < 3.3.10.5
Phpmyadmin ≫ Phpmyadmin Version >= 3.4.0.0 < 3.4.7.1
Fedoraproject ≫ Fedora Version14
Fedoraproject ≫ Fedora Version15
Fedoraproject ≫ Fedora Version16
Debian ≫ Debian Linux Version5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 12.18% | 0.935 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.