Vulnerability Name:CVE-2011-4107 (CCN-71108)

Assigned:2011-11-02
Published:2011-11-02
Updated:2017-08-29
Summary:The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.4 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2011-4107

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-15841

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-15846

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-15831

Source: OSVDB
Type: UNKNOWN
76798

Source: CCN
Type: Packet Storm Web site
phpMyAdmin Arbitrary File Read

Source: MISC
Type: Exploit
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt

Source: FULLDISC
Type: Exploit
20111102 PhpMyAdmin Arbitrary File Reading

Source: CCN
Type: SA46447
phpMyadmin XML Entity References Information Disclosure Vulnerability

Source: SECUNIA
Type: Vendor Advisory
46447

Source: CCN
Type: SA46870
TYPO3 phpMyAdmin Extension XML Entity References Information Disclosure Vulnerability

Source: SREASON
Type: UNKNOWN
8533

Source: CCN
Type: TYPO3-EXT-SA-2011-018
Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

Source: DEBIAN
Type: UNKNOWN
DSA-2391

Source: DEBIAN
Type: DSA-2391
phpmyadmin -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:198

Source: MLIST
Type: UNKNOWN
[oss-security] 20111103 CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files

Source: MLIST
Type: UNKNOWN
[oss-security] 20111103 Re: CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files

Source: CCN
Type: OSVDB ID: 76798
phpMyadmin libraries/import/xml.php XML Data Entity References Parsing Remote Information Disclosure

Source: CCN
Type: phpMyAdmin Web Site
phpMyAdmin

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php

Source: BID
Type: UNKNOWN
50497

Source: CCN
Type: BID-50497
phpMyAdmin 'simplexml_load_string()' Function Information Disclosure Vulnerability

Source: CCN
Type: WooYun-2011-03185
PhpMyadmin

Source: MISC
Type: Exploit
http://www.wooyun.org/bugs/wooyun-2010-03185

Source: CCN
Type: Red Hat Bugzilla Bug 751112
CVE-2011-4107 phpMyAdmin: Arbitrary file read flaw by loading XML strings

Source: MISC
Type: Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=751112

Source: XF
Type: UNKNOWN
phpmyadmin-xml-info-disclosure(71108)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-14-2012]

Vulnerable Configuration:Configuration 1:
  • cpe:/a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.3.10.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:3.4.7:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:phpmyadmin:phpmyadmin:3.4.6:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20114107 | V | CVE-2011-4107 | 2022-06-30
oval:org.opensuse.security:def:113141 | P | phpMyAdmin-4.6.5.2-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:106569 | P | phpMyAdmin-4.6.5.2-1.1 on GA media (Moderate) | 2021-10-01
oval:org.mitre.oval:def:15400 | P | DSA-2391-1 phpmyadmin -- several | 2015-02-23
oval:com.ubuntu.precise:def:20114107000 | V | CVE-2011-4107 on Ubuntu 12.04 LTS (precise) - medium. | 2011-11-17