CVE-2011-4107

Опубликовано: 17 нояб. 2011

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Средний

Описание

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Ссылки

http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
Mailing List
Third Party Advisory
http://osvdb.org/76798
Broken Link
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
Broken Link
Exploit
http://seclists.org/fulldisclosure/2011/Nov/21
Exploit
Mailing List
Third Party Advisory
http://secunia.com/advisories/46447
Broken Link
Vendor Advisory
http://securityreason.com/securityalert/8533
Broken Link
http://www.debian.org/security/2012/dsa-2391
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198
Broken Link
http://www.openwall.com/lists/oss-security/2011/11/03/3
Mailing List
http://www.openwall.com/lists/oss-security/2011/11/03/5
Mailing List
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
Patch
Vendor Advisory
http://www.securityfocus.com/bid/50497
Broken Link
Third Party Advisory
VDB Entry
http://www.wooyun.org/bugs/wooyun-2010-03185
Broken Link
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=751112
Exploit
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
Third Party Advisory
VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Версия от 3.3.0.0 (включая) до 3.3.10.5 (исключая)

cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Версия от 3.4.0.0 (включая) до 3.4.7.1 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11489

Средний

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

CVE-2011-4107

CVSS3: 6.5

ubuntu

больше 13 лет назад

CVE-2011-4107

CVSS3: 6.5

debian

больше 13 лет назад

The simplexml_load_string function in the XML import plug-in (librarie ...

GHSA-q4mm-89q2-xffg

CVSS3: 6.5

github

около 3 лет назад

phpMyAdmin vulnerable to XML external entity (XXE) injection attack

EPSS

Процентиль: 93%

0.11489

Средний

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-611