FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Local file inclusion

Affected packages
3.4 < phpMyAdmin < 3.4.7.1
phpMyAdmin < 3.3.10.5

Details

VuXML ID 1f6ee708-0d22-11e1-b5bd-14dae938ec40
Discovery 2011-11-10
Entry 2011-11-12

Jan Lieskovsky reports:

Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server).

[source]

References

CVE Name CVE-2011-4107
URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.