Main Vulnerability Database Exploits ID:4275 - Exploit for Information disclosure in phpMyAdmin - CVE-2011-4107

ID:4275 - Exploit for Information disclosure in phpMyAdmin - CVE-2011-4107

Published: August 11, 2020

Vulnerability identifier: #VU44515

Vulnerability risk: Medium

CVE-ID: CVE-2011-4107

CWE-ID: CWE-200

Exploitation vector: Remote access

Vulnerable software:
phpMyAdmin

Link to public exploit:

https://www.exploit-db.com/exploits/18371/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Remediation

Install update from vendor's website.

ID:4275 - Exploit for Information disclosure in phpMyAdmin - CVE-2011-4107

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human