phpMyAdmin XML Entity References Information Disclosure Vulnerability

Last Update Date: 4 Nov 2011 10:22
Release Date: 4 Nov 2011

RISK: High Risk

TYPE: Servers - Internet App Servers

A vulnerability has been identified in phpMyAdmin which can be exploited by malicious users to disclose potentially sensitive information.

The vulnerability is caused by an error within libraries/import/xml.php when processing XML data. By sending specially crafted XML data that includes external entity references, a malicious user can, for example, disclose the contents of certain local files and perform certain actions on the local network.
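The class of flaw described above is closed by parsing imported XML without entity substitution and refusing any document that carries a DOCTYPE. The following is an added example, not phpMyAdmin's own code or its shipped fix; safe_load_import_xml() is a hypothetical helper and both sample documents are constructed.

```php
<?php
// Added example; not phpMyAdmin's code. safe_load_import_xml() is a hypothetical helper.
function safe_load_import_xml(string $xml): SimpleXMLElement
{
    if ($xml === '') {
        throw new RuntimeException('Import rejected: empty document');
    }
    // Before libxml2 2.9.0 external entities were substituted by default, so the
    // loader is switched off on old PHP. The call is deprecated from PHP 8.0.
    $prevLoader = PHP_VERSION_ID < 80000 ? libxml_disable_entity_loader(true) : null;
    $prevErrors = libxml_use_internal_errors(true);
    try {
        $dom = new DOMDocument();
        // LIBXML_NONET forbids network access while parsing. LIBXML_NOENT and
        // LIBXML_DTDLOAD are deliberately not passed: they enable entity
        // substitution and external DTD loading.
        if (!$dom->loadXML($xml, LIBXML_NONET)) {
            throw new RuntimeException('Import rejected: malformed XML');
        }
        // An import file needs no DTD, so any DOCTYPE is refused outright.
        if ($dom->doctype !== null) {
            throw new RuntimeException('Import rejected: DOCTYPE not allowed');
        }
        $root = simplexml_import_dom($dom);
        if (!$root instanceof SimpleXMLElement) {
            throw new RuntimeException('Import rejected: no root element');
        }
        return $root;
    } finally {
        // Restore global libxml state so other code is unaffected.
        libxml_clear_errors();
        libxml_use_internal_errors($prevErrors);
        if ($prevLoader !== null) {
            libxml_disable_entity_loader($prevLoader);
        }
    }
}

// Constructed inputs: a plain export, and one declaring an external entity.
$benign = '<?xml version="1.0"?><export><table name="t1"/></export>';
$withEntity = '<?xml version="1.0"?><!DOCTYPE export [<!ENTITY e SYSTEM '
    . '"file:///constructed/placeholder.txt">]><export>&e;</export>';

foreach (['benign' => $benign, 'withEntity' => $withEntity] as $label => $doc) {
    try {
        echo $label, ': accepted, root <', safe_load_import_xml($doc)->getName(), ">\n";
    } catch (RuntimeException $e) {
        echo $label, ': ', $e->getMessage(), "\n";
    }
}
```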


Impact

  • Information Disclosure

System / Technologies affected

  • phpMyAdmin 3.x

Solutions

  • Restrict access to trusted users only

Vulnerability Identifier


Source