CVE-2011-4107

MEDIUM

phpMyAdmin <3.4.7.1 & <3.3.10.5 - XXE Injection

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-4107. PoCs published by Marco Batista, SECFORCE.

AI-analyzed exploit summary: This exploit leverages an XXE (XML External Entity) injection vulnerability in phpMyAdmin to perform local file inclusion. It authenticates, crafts a malicious XML file, and exfiltrates the contents of a specified file (e.g., /etc/passwd) through the import functionality.

Description

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Exploits (2)

exploitdb WORKING POC
by Marco Batista · ruby · webapps · php
https://www.exploit-db.com/exploits/18371

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: phpMyAdmin versions 3.3.6, 3.3.10, 3.4.0, 3.4.5, 3.4.7
Auth required
Prerequisites: Valid phpMyAdmin credentials · Access to the phpMyAdmin interface · XML import functionality enabled
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC · 4 stars
by SECFORCE · poc
https://github.com/SECFORCE/CVE-2011-4107

This Metasploit auxiliary module exploits CVE-2011-4107, a Local File Inclusion (LFI) vulnerability in phpMyAdmin 3.3.X and 3.4.X via XXE injection. It authenticates, crafts a malicious XML file with an external entity to read local files, and retrieves the content through phpMyAdmin's import functionality.

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: phpMyAdmin 3.3.X and 3.4.X
Auth required
Prerequisites: Valid phpMyAdmin credentials · Access to phpMyAdmin interface · Ability to create a database/table
devstral-2 · analyzed Feb 16, 2026

References (17)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
Broken Link, Vendor Advisory (third-party-advisory, x_refsource_secunia)
http://secunia.com/advisories/46447
Broken Link (vdb-entry, x_refsource_osvdb)
http://osvdb.org/76798
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora)
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
Mailing List (mailing-list, x_refsource_mlist)
http://www.openwall.com/lists/oss-security/2011/11/03/5
Exploit, Mailing List, Third Party Advisory (mailing-list, x_refsource_fulldisc)
http://seclists.org/fulldisclosure/2011/Nov/21
Patch, Vendor Advisory (x_refsource_confirm)
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
Mailing List (vendor-advisory, x_refsource_debian)
http://www.debian.org/security/2012/dsa-2391
Broken Link, Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/50497
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora)
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
Broken Link (vendor-advisory, x_refsource_mandriva)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198
Exploit, Issue Tracking (x_refsource_misc)
https://bugzilla.redhat.com/show_bug.cgi?id=751112
Broken Link (third-party-advisory, x_refsource_sreason)
http://securityreason.com/securityalert/8533
Mailing List (mailing-list, x_refsource_mlist)
http://www.openwall.com/lists/oss-security/2011/11/03/3
Broken Link, Exploit (x_refsource_misc)
http://www.wooyun.org/bugs/wooyun-2010-03185
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora)
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html

Scores

CVSS v3: 6.5
EPSS: 0.1243
EPSS Percentile: 94.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-611
Status: published
Products (6)
debian/debian_linux 5.0
fedoraproject/fedora 14
fedoraproject/fedora 15
fedoraproject/fedora 16
phpmyadmin/phpmyadmin 3.3.0.0 - 3.3.10.5
phpmyadmin/phpmyadmin 3.4.0 - 3.4.7.1 (Packagist)
Published: Nov 17, 2011
Tracked Since: Feb 18, 2026