0xMarcio/cve
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
a1f7af13e63bb8df7e5f4b4213aa3bc22aa59913
cve/2011/CVE-2011-4107.md

21 lines
921 B
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2011-4107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)
Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### Description
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
### POC
#### Reference
- https://bugzilla.redhat.com/show_bug.cgi?id=751112
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/SECFORCE/CVE-2011-4107
Reference in New Issue Copy Permalink