CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2011-4634
https://notcve.org/view.php?id=CVE-2011-4634
22 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, relat... • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071040.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 11%CPEs: 6EXPL: 6CVE-2011-4107 – phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection
https://notcve.org/view.php?id=CVE-2011-4107
17 Nov 2011 — The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. La función simplexml_load_string en la importación XML plug-in (libraries/import/xml.php) en phpMyAdmin v3.4.x anterior a v3.4.7.1, v3.3.x y v3.3.10.5 permite a usuarios remotos autenticados leer ficher... • https://www.exploit-db.com/exploits/18371 • CWE-611: Improper Restriction of XML External Entity Reference •