Test ID:	1.3.6.1.4.1.25623.1.0.70603
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: phpMyAdmin
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: phpMyAdmin CVE-2011-4107 The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4107 20111102 PhpMyAdmin Arbitrary File Reading http://seclists.org/fulldisclosure/2011/Nov/21 46447 http://secunia.com/advisories/46447 50497 http://www.securityfocus.com/bid/50497 76798 http://osvdb.org/76798 8533 http://securityreason.com/securityalert/8533 DSA-2391 http://www.debian.org/security/2012/dsa-2391 FEDORA-2011-15831 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html FEDORA-2011-15841 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html FEDORA-2011-15846 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html MDVSA-2011:198 http://www.mandriva.com/security/advisories?name=MDVSA-2011:198 [oss-security] 20111103 CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files http://www.openwall.com/lists/oss-security/2011/11/03/3 [oss-security] 20111103 Re: CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files http://www.openwall.com/lists/oss-security/2011/11/03/5 http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php http://www.wooyun.org/bugs/wooyun-2010-03185 https://bugzilla.redhat.com/show_bug.cgi?id=751112 phpmyadmin-xml-info-disclosure(71108) https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.