CVE: CVE-2011-4107

Export to Word

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.12181
Percentile: 0.93519

CVSS Scoring

CVSS v3.1 Score: 6.5

Severity: MEDIUM

Mapped CWE(s)

CWE-611 : Improper Restriction of XML External Entity Reference

All CAPEC(s)

CAPEC-221: Data Serialization External Entities Blowup

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

← Back to Home