Medium severity 6.5 · NVD Advisory · Published Nov 17, 2011 · Updated Jun 16, 2026
CVE-2011-4107
Description
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpmyadmin/phpmyadmin (Packagist) | >= 3.4.0, < 3.4.7.1 | 3.4.7.1 |
| phpmyadmin/phpmyadmin (Packagist) | >= 3.3.0, < 3.3.10.5 | 3.3.10.5 |
Affected products
- cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- ghsa-coords (2 versions)
  - (no CPE) range: >= 3.4.0, < 3.4.7.1
  - (no CPE) range: < 4.6.5.2-1.1
References
- www.phpmyadmin.net/home_page/security/PMASA-2011-17.php [nvd: Patch, Vendor Advisory, WEB]
- packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt [nvd: Broken Link, Exploit, WEB]
- seclists.org/fulldisclosure/2011/Nov/21 [nvd: Exploit, Mailing List, Third Party Advisory, WEB]
- www.wooyun.org/bugs/wooyun-2010-03185 [nvd: Broken Link, Exploit]
- bugzilla.redhat.com/show_bug.cgi [nvd: Exploit, Issue Tracking, WEB]
- lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html [nvd: Mailing List, Third Party Advisory, WEB]
- lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html [nvd: Mailing List, Third Party Advisory, WEB]
- lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html [nvd: Mailing List, Third Party Advisory, WEB]
- secunia.com/advisories/46447 [nvd: Broken Link, Vendor Advisory]
- www.securityfocus.com/bid/50497 [nvd: Broken Link, Third Party Advisory, VDB Entry]
- exchange.xforce.ibmcloud.com/vulnerabilities/71108 [nvd: Third Party Advisory, VDB Entry, WEB]
- github.com/advisories/GHSA-q4mm-89q2-xffg [ghsa: ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2011-4107 [ghsa: ADVISORY]
- osvdb.org/76798 [nvd: Broken Link]
- securityreason.com/securityalert/8533 [nvd: Broken Link, WEB]
- www.debian.org/security/2012/dsa-2391 [nvd: Mailing List, WEB]
- www.mandriva.com/security/advisories [nvd: Broken Link]
- www.openwall.com/lists/oss-security/2011/11/03/3 [nvd: Mailing List, WEB]
- www.openwall.com/lists/oss-security/2011/11/03/5 [nvd: Mailing List, WEB]
- github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2 [ghsa: WEB]
- github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd [ghsa: WEB]
- github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717 [ghsa: WEB]
- github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5 [ghsa: WEB]