LDAP Account Manager 注入漏洞

LDAP Account Manager is a web front-end for managing entries in stored LDAP directories e.g., users, groups, DHCP settings. versions prior to LDAP Account Manager 8.0 contain an injection vulnerability that could be exploited by an attacker to write a web-shell to the /lam/tmp/ directory and gain...

CVE-2018-8763

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=renameform URI...