phpMyAdmin XML Entity References Information Disclosure Vulnerability
Last Update Date: 4 Nov 2011 10:22
Release Date: 4 Nov 2011
RISK: High Risk
TYPE: Servers - Internet App Servers
A vulnerability has been identified in phpMyAdmin, which can be exploited by malicious users to disclose potentially sensitive information.
The vulnerability is caused by an error within libraries/import/xml.php when processing XML data. By sending specially crafted XML data that includes external entity references, a malicious user can, for example, disclose the contents of certain local files and perform certain actions on the local network.
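The entity-reference handling described above can be shut off at the parser, whoever is allowed to upload. The following PHP is an added example, not phpMyAdmin's code or its vendor fix; `parse_import_xml()` is a hypothetical helper and the two sample documents are constructed, with a placeholder path as the SYSTEM identifier.

```php
<?php
// Added example; parse_import_xml() is a hypothetical helper, not phpMyAdmin code.

function parse_import_xml(string $xml): SimpleXMLElement
{
    // Before PHP 8.0 the external entity loader may be active by default
    // (libxml2 older than 2.9), so switch it off. The call is deprecated
    // from PHP 8.0 on, where it is no longer needed.
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }

    $previous = libxml_use_internal_errors(true); // collect errors, no warnings
    try {
        $dom = new DOMDocument();
        // LIBXML_NONET forbids network fetches during parsing.
        // LIBXML_NOENT and LIBXML_DTDLOAD are deliberately left unset:
        // they would substitute entities and load external DTD subsets.
        if (!$dom->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Import file is not well-formed XML');
        }
        // A database export needs no DOCTYPE. Refusing one removes every
        // way to declare an entity, internal or external.
        if ($dom->doctype !== null) {
            throw new InvalidArgumentException('DOCTYPE declarations are not accepted');
        }
        return simplexml_import_dom($dom);
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

// Constructed sample inputs (the SYSTEM identifier is a placeholder path).
$samples = [
    'plain export' => '<?xml version="1.0"?><export><table name="t1"/></export>',
    'with entity'  => '<?xml version="1.0"?>'
        . '<!DOCTYPE export [<!ENTITY x SYSTEM "file:///placeholder/path">]>'
        . '<export>&x;</export>',
];

foreach ($samples as $label => $xml) {
    try {
        $doc = parse_import_xml($xml);
        echo "$label: accepted, root <{$doc->getName()}>\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```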
Impact
- Information Disclosure
System / Technologies affected
- phpMyAdmin 3.x
Solutions
- Restrict access to trusted users only
Vulnerability Identifier
Source