debian · CVE-2011-4107

Quick triage

Priority: not yet assigned Published: Updated: Thu, 02 Jul 2026 04:28:53 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2011-4107 not yet assigned priority: Debian including 1 source packages (phpmyadmin), 4 status rows across 4 suites (bookworm, bullseye, sid, trixie): resolved 4.

Description:

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

cvelogic Threat Intelligence