FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Local file inclusion

Affected packages
3.4 < phpMyAdmin < 3.4.7.1
phpMyAdmin < 3.3.10.5

Details

VuXML ID: 1f6ee708-0d22-11e1-b5bd-14dae938ec40
Discovery: 2011-11-10
Entry: 2011-11-12

Jan Lieskovsky reports:

Importing a specially-crafted XML file which contains an XML entity injection permits retrieval of a local file (limited by the privileges of the user running the web server).

References

CVE Name: CVE-2011-4107
URL: http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php