phpMyadmin XML Entity References Information Disclosure Vulnerability

Last Update Date: 4 Nov 2011 10:22 Release Date: 4 Nov 2011 4862 Views

RISK: High Risk

High Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

A vulnerability has been identified in phpMyAdmin, which can be exploited by malicious users to disclose potentially sensitive information.

The vulnerability is caused due to an error within libraries/import/xml.php when processing XML data, which can be exploited to e.g. disclose contents of certain local files and perform certain actions on the local network by sending specially crafted XML data including external entity references.

Impact

  • Information Disclosure

System / Technologies affected

  • phpMyadmin 3.x

Solutions

  • Restrict access to trusted users only

Vulnerability Identifier

Source

Share with

Previous

Wireshark Multiple Vulnerabilities

3 Nov 2011 4752 Views

Next

Microsoft Windows TrueType Font Parsing Code Execution Vulnerability

7 Nov 2011 4778 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY