Marco Batista

2 exploits Active since Nov 2011
CVE-2011-4107 NOMISEC MEDIUM WORKING POC
phpMyAdmin <3.4.7.1 & <3.3.10.5 - XXE Injection
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
4 stars
CVSS 6.5
CVE-2011-4107 EXPLOITDB MEDIUM ruby WORKING POC
phpMyAdmin <3.4.7.1 & <3.3.10.5 - XXE Injection
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
CVSS 6.5