ByteOS Network

Vulnerability Details :

CVE-2011-4107

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-17 Nov, 2011 | 19:00

Updated At-07 Aug, 2024 | 00:01

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:redhat

Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749

Published At:17 Nov, 2011 | 19:00

Updated At:07 Aug, 2024 | 00:01

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108	vdb-entry x_refsource_XF
http://secunia.com/advisories/46447	third-party-advisory x_refsource_SECUNIA
http://osvdb.org/76798	vdb-entry x_refsource_OSVDB
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html	vendor-advisory x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2011/11/03/5	mailing-list x_refsource_MLIST
http://seclists.org/fulldisclosure/2011/Nov/21	mailing-list x_refsource_FULLDISC
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php	x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2391	vendor-advisory x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html	vendor-advisory x_refsource_FEDORA
http://www.securityfocus.com/bid/50497	vdb-entry x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198	vendor-advisory x_refsource_MANDRIVA
https://bugzilla.redhat.com/show_bug.cgi?id=751112	x_refsource_MISC
http://securityreason.com/securityalert/8533	third-party-advisory x_refsource_SREASON
http://www.openwall.com/lists/oss-security/2011/11/03/3	mailing-list x_refsource_MLIST
http://www.wooyun.org/bugs/wooyun-2010-03185	x_refsource_MISC
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt	x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html	vendor-advisory x_refsource_FEDORA

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/71108

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://secunia.com/advisories/46447

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://osvdb.org/76798

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.openwall.com/lists/oss-security/2011/11/03/5

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://seclists.org/fulldisclosure/2011/Nov/21

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.debian.org/security/2012/dsa-2391

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.securityfocus.com/bid/50497

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:198

Resource:

vendor-advisory

x_refsource_MANDRIVA

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=751112

Resource:

x_refsource_MISC

Hyperlink: http://securityreason.com/securityalert/8533

Resource:

third-party-advisory

x_refsource_SREASON

Hyperlink: http://www.openwall.com/lists/oss-security/2011/11/03/3

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.wooyun.org/bugs/wooyun-2010-03185

Resource:

x_refsource_MISC

Hyperlink: http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt

Resource:

x_refsource_MISC

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html

Resource:

vendor-advisory

x_refsource_FEDORA

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108	vdb-entry x_refsource_XF x_transferred
http://secunia.com/advisories/46447	third-party-advisory x_refsource_SECUNIA x_transferred
http://osvdb.org/76798	vdb-entry x_refsource_OSVDB x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.openwall.com/lists/oss-security/2011/11/03/5	mailing-list x_refsource_MLIST x_transferred
http://seclists.org/fulldisclosure/2011/Nov/21	mailing-list x_refsource_FULLDISC x_transferred
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php	x_refsource_CONFIRM x_transferred
http://www.debian.org/security/2012/dsa-2391	vendor-advisory x_refsource_DEBIAN x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.securityfocus.com/bid/50497	vdb-entry x_refsource_BID x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198	vendor-advisory x_refsource_MANDRIVA x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=751112	x_refsource_MISC x_transferred
http://securityreason.com/securityalert/8533	third-party-advisory x_refsource_SREASON x_transferred
http://www.openwall.com/lists/oss-security/2011/11/03/3	mailing-list x_refsource_MLIST x_transferred
http://www.wooyun.org/bugs/wooyun-2010-03185	x_refsource_MISC x_transferred
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt	x_refsource_MISC x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html	vendor-advisory x_refsource_FEDORA x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/71108

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://secunia.com/advisories/46447

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://osvdb.org/76798

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2011/11/03/5

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2011/Nov/21

Resource:

mailing-list

x_refsource_FULLDISC

x_transferred

Hyperlink: http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.debian.org/security/2012/dsa-2391

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://www.securityfocus.com/bid/50497

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:198

Resource:

vendor-advisory

x_refsource_MANDRIVA

x_transferred

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=751112

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://securityreason.com/securityalert/8533

Resource:

third-party-advisory

x_refsource_SREASON

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2011/11/03/3

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.wooyun.org/bugs/wooyun-2010-03185

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:secalert@redhat.com

Published At:17 Nov, 2011 | 19:55

Updated At:11 Apr, 2025 | 00:51

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

phpMyAdmin

>>phpmyadmin>>Versions from 3.3.0.0(inclusive) to 3.3.10.5(exclusive)

cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

phpMyAdmin

>>phpmyadmin>>Versions from 3.4.0.0(inclusive) to 3.4.7.1(exclusive)

cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Fedora Project

>>fedora>>14

cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*

Fedora Project

>>fedora>>15

cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*

Fedora Project

>>fedora>>16

cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>5.0

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-611	Primary	nvd@nist.gov

CWE ID: CWE-611

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html	secalert@redhat.com	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html	secalert@redhat.com	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html	secalert@redhat.com	Mailing List Third Party Advisory
http://osvdb.org/76798	secalert@redhat.com	Broken Link
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt	secalert@redhat.com	Broken Link Exploit
http://seclists.org/fulldisclosure/2011/Nov/21	secalert@redhat.com	Exploit Mailing List Third Party Advisory
http://secunia.com/advisories/46447	secalert@redhat.com	Broken Link Vendor Advisory
http://securityreason.com/securityalert/8533	secalert@redhat.com	Broken Link
http://www.debian.org/security/2012/dsa-2391	secalert@redhat.com	Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198	secalert@redhat.com	Broken Link
http://www.openwall.com/lists/oss-security/2011/11/03/3	secalert@redhat.com	Mailing List
http://www.openwall.com/lists/oss-security/2011/11/03/5	secalert@redhat.com	Mailing List
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php	secalert@redhat.com	Patch Vendor Advisory
http://www.securityfocus.com/bid/50497	secalert@redhat.com	Broken Link Third Party Advisory VDB Entry
http://www.wooyun.org/bugs/wooyun-2010-03185	secalert@redhat.com	Broken Link Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=751112	secalert@redhat.com	Exploit Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108	secalert@redhat.com	Third Party Advisory VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://osvdb.org/76798	af854a3a-2127-422b-91ae-364da2661108	Broken Link
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt	af854a3a-2127-422b-91ae-364da2661108	Broken Link Exploit
http://seclists.org/fulldisclosure/2011/Nov/21	af854a3a-2127-422b-91ae-364da2661108	Exploit Mailing List Third Party Advisory
http://secunia.com/advisories/46447	af854a3a-2127-422b-91ae-364da2661108	Broken Link Vendor Advisory
http://securityreason.com/securityalert/8533	af854a3a-2127-422b-91ae-364da2661108	Broken Link
http://www.debian.org/security/2012/dsa-2391	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198	af854a3a-2127-422b-91ae-364da2661108	Broken Link
http://www.openwall.com/lists/oss-security/2011/11/03/3	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://www.openwall.com/lists/oss-security/2011/11/03/5	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.securityfocus.com/bid/50497	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
http://www.wooyun.org/bugs/wooyun-2010-03185	af854a3a-2127-422b-91ae-364da2661108	Broken Link Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=751112	af854a3a-2127-422b-91ae-364da2661108	Exploit Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://osvdb.org/76798

Source: secalert@redhat.com

Resource:

Broken Link

Hyperlink: http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt

Source: secalert@redhat.com

Resource:

Broken Link

Exploit

Hyperlink: http://seclists.org/fulldisclosure/2011/Nov/21

Source: secalert@redhat.com

Resource:

Exploit

Mailing List

Third Party Advisory

Hyperlink: http://secunia.com/advisories/46447

Source: secalert@redhat.com

Resource:

Broken Link

Vendor Advisory

Hyperlink: http://securityreason.com/securityalert/8533

Source: secalert@redhat.com

Resource:

Broken Link

Hyperlink: http://www.debian.org/security/2012/dsa-2391

Source: secalert@redhat.com

Resource:

Mailing List

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:198

Source: secalert@redhat.com

Resource:

Broken Link

Hyperlink: http://www.openwall.com/lists/oss-security/2011/11/03/3

Source: secalert@redhat.com

Resource:

Mailing List

Hyperlink: http://www.openwall.com/lists/oss-security/2011/11/03/5

Source: secalert@redhat.com

Resource:

Mailing List

Hyperlink: http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php

Source: secalert@redhat.com

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/50497

Source: secalert@redhat.com

Resource:

Broken Link

Third Party Advisory

VDB Entry

Hyperlink: http://www.wooyun.org/bugs/wooyun-2010-03185

Source: secalert@redhat.com

Resource:

Broken Link

Exploit

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=751112

Source: secalert@redhat.com

Resource:

Exploit

Issue Tracking

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/71108

Source: secalert@redhat.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html