Candidate: CVE-2011-4107
PublicDate: 2011-11-17 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107
Description:
 The simplexml_load_string function in the XML import plug-in
 (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x
 before 3.3.10.5 allows remote authenticated users to read arbitrary files
 via XML data containing external entity references, aka an XML external
 entity (XXE) injection attack.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_phpmyadmin:
upstream_phpmyadmin: released (4:3.4.7.1-1)
hardy_phpmyadmin: ignored (reached end-of-life)
lucid_phpmyadmin: ignored (reached end-of-life)
maverick_phpmyadmin: ignored (reached end-of-life)
natty_phpmyadmin: ignored (reached end-of-life)
oneiric_phpmyadmin: ignored (reached end-of-life)
precise_phpmyadmin: not-affected (4:3.4.7.1-1)
quantal_phpmyadmin: not-affected (4:3.4.7.1-1)
raring_phpmyadmin: not-affected (4:3.4.7.1-1)
saucy_phpmyadmin: not-affected (4:3.4.7.1-1)
devel_phpmyadmin: not-affected (4:3.4.7.1-1)