FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Local file inclusion

Affected packages
3.4 < phpMyAdmin <
phpMyAdmin <


VuXML ID 1f6ee708-0d22-11e1-b5bd-14dae938ec40
Discovery 2011-11-10
Entry 2011-11-12

Jan Lieskovsky reports:

Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server).


CVE Name CVE-2011-4107