Search for vulnerabilities
Vulnerability details: VCID-tzhy-mtdr-bfg2
Vulnerability ID VCID-tzhy-mtdr-bfg2
Aliases CVE-2011-4107
GHSA-q4mm-89q2-xffg
Summary The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-611 Improper Restriction of XML External Entity Reference
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.12596 https://api.first.org/data/v1/epss?cve=CVE-2011-4107
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
https://api.first.org/data/v1/epss?cve=CVE-2011-4107
https://bugzilla.redhat.com/show_bug.cgi?id=751112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107
http://seclists.org/fulldisclosure/2011/Nov/21
http://securityreason.com/securityalert/8533
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2
https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd
https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717
https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5
http://www.debian.org/security/2012/dsa-2391
http://www.openwall.com/lists/oss-security/2011/11/03/3
http://www.openwall.com/lists/oss-security/2011/11/03/5
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
656247 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247
CVE-2011-4107 https://nvd.nist.gov/vuln/detail/CVE-2011-4107
GHSA-q4mm-89q2-xffg https://github.com/advisories/GHSA-q4mm-89q2-xffg
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.93712
EPSS Score 0.12596
Published At Dec. 19, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-12-19T17:41:29.236382+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 37.0.0