CVE-2011-4107

Source
https://nvd.nist.gov/vuln/detail/CVE-2011-4107
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2011-4107.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2011-4107
Aliases
Downstream
Related
Published
2011-11-17T19:55:01Z
Modified
2025-08-09T20:01:25Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The simplexmlloadstring function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

References

Affected packages