Описание
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4:3.4.7.1-1 |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
| precise | not-affected | 4:3.4.7.1-1 |
| quantal | not-affected | 4:3.4.7.1-1 |
| raring | not-affected | 4:3.4.7.1-1 |
| saucy | not-affected | 4:3.4.7.1-1 |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
The simplexml_load_string function in the XML import plug-in (librarie ...
phpMyAdmin vulnerable to XML external entity (XXE) injection attack
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3