CVE-2011-4107
published 2011-11-17
Priority P3 · 50 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 12.85% (95.8th percentile)
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | phpmyadmin | < phpmyadmin 4:3.4.7.1-1 (bookworm) | phpmyadmin 4:3.4.7.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.4.7.1-1 | 4:3.4.7.1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.4.7.1-1 | 4:3.4.7.1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.4.7.1-1 | 4:3.4.7.1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.4.7.1-1 | 4:3.4.7.1-1 |
| phpmyadmin | phpmyadmin | >= 3.3.0 < 3.3.10.5 | 3.3.10.5 |
| phpmyadmin | phpmyadmin | >= 3.3.0.0 < 3.3.10.5 | 3.3.10.5 |
| phpmyadmin | phpmyadmin | >= 3.4.0 < 3.4.7.1 | 3.4.7.1 |
| phpmyadmin | phpmyadmin | >= 3.4.0.0 < 3.4.7.1 | 3.4.7.1 |
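CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |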
GHSA
phpMyAdmin vulnerable to XML external entity (XXE) injection attack
ghsa·2022-05-17
CVE-2011-4107 [MEDIUM] CWE-200 phpMyAdmin vulnerable to XML external entity (XXE) injection attack
The `simplexml_load_string` function in the XML import plug-in (`libraries/import/xml.php`) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
OSV
phpMyAdmin vulnerable to XML external entity (XXE) injection attack
osv·2022-05-17
CVE-2011-4107 [MEDIUM] phpMyAdmin vulnerable to XML external entity (XXE) injection attack
The `simplexml_load_string` function in the XML import plug-in (`libraries/import/xml.php`) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
OSV
CVE-2011-4107: The simplexml_load_string function in the XML import plug-in (libraries/import/xml
osv·2011-11-17·CVSS 6.5
CVE-2011-4107 [MEDIUM] CVE-2011-4107: The simplexml_load_string function in the XML import plug-in (libraries/import/xml
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Debian
CVE-2011-4107: phpmyadmin - The simplexml_load_string function in the XML import plug-in (libraries/import/x...
vendor_debian·2011·CVSS 6.5
CVE-2011-4107 [MEDIUM] CVE-2011-4107: phpmyadmin - The simplexml_load_string function in the XML import plug-in (libraries/import/x...
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Scope: local
bookworm: resolved (fixed in 4:3.4.7.1-1)
bullseye: resolved (fixed in 4:3.4.7.1-1)
forky: resolved (fixed in 4:3.4.7.1-1)
sid: resolved (fixed in 4:3.4.7.1-1)
trixie: resolved (fixed in 4:3.4.7.1-1)
No detection rules found.
Exploit-DB
phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)
exploitdb·2012-01-14·CVSS 6.5
CVE-2011-4107 [MEDIUM] phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)
---
# Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection
# Date: 12-01-2012
# Author: Marco Batista
# Blog Link: http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/
# Tested on: Windows and Linux - phpmyadmin versions: 3.3.6, 3.3.10, 3.4.0, 3.4.5, 3.4.7
# CVE : CVE-2011-4107
require 'msf/core'
class Metasploit3 'phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion via XXE Injection',
'Version' => '1.0',
'Description' => %q{Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server).
The attacker must be logged in t
Exploit-DB
HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit)
exploitdb·2011-08-07
CVE-2010-4107 HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit)
HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit)
---
# Exploit Title: HP JetDirect PJL Interface Universal Path Traversal
# Date: Aug 7, 2011
# Author: Myo Soe
# Software Link: http://www.hp.com
# Version: All
# Tested on: HP LaserJet Pxxxx Series
##
# $Id: $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
##
# Sample Output:
#
#
# msf auxiliary(hp_printer_pjl_traversal) > show options
#
# Module options (auxiliary/admin/hp_printer_pjl_traversal):
#
# Name Current Setting Required Description
# ---- --------------- -------- -----------
# INTERACTIVE fals
Exploit-DB
HP JetDirect PJL - Query Execution (Metasploit)
exploitdb·2011-08-07
CVE-2010-4107 HP JetDirect PJL - Query Execution (Metasploit)
HP JetDirect PJL - Query Execution (Metasploit)
---
# Exploit Title: HP JetDirect PJL Query Execution
# Date: Aug 7, 2011
# Author: Myo Soe
# Software Link: http://www.hp.com
# Version: All
# Tested on: HP LaserJet Pxxxx Series
##
# $Id: $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
##
# Sample Output:
#
#
# msf auxiliary(hp_printer_pjl_cmd) > show options
#
# Module options (auxiliary/admin/hp_printer_pjl_cmd):
#
# Name Current Setting Required Description
# ---- --------------- -------- -----------
# CMD FSUPLOAD NAME="0:/../../../etc/passwd" OFFSET=0 SIZE=999 yes PJL Co
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
http://osvdb.org/76798
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
http://seclists.org/fulldisclosure/2011/Nov/21
http://secunia.com/advisories/46447
http://securityreason.com/securityalert/8533
http://www.debian.org/security/2012/dsa-2391
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198
http://www.openwall.com/lists/oss-security/2011/11/03/3
http://www.openwall.com/lists/oss-security/2011/11/03/5
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
http://www.securityfocus.com/bid/50497
http://www.wooyun.org/bugs/wooyun-2010-03185
https://bugzilla.redhat.com/show_bug.cgi?id=751112
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
Published: 2011-11-17