The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-11-17T19:00:00

Updated: 2024-08-07T00:01:50.500Z

Reserved: 2011-10-18T00:00:00

Link: CVE-2011-4107

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-11-17T19:55:01.517

Modified: 2024-11-21T01:31:51.620

Link: CVE-2011-4107

cve-icon Redhat

No data.