VYPR
Medium severity6.5NVD Advisory· Published Nov 17, 2011· Updated Jun 16, 2026

CVE-2011-4107

CVE-2011-4107

Description

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
phpmyadmin/phpmyadminPackagist
>= 3.4.0, < 3.4.7.13.4.7.1
phpmyadmin/phpmyadminPackagist
>= 3.3.0, < 3.3.10.53.3.10.5

Affected products

7

Patches

Vulnerability mechanics

References

23

News mentions

0

No linked articles in our index yet.