The vulnerability in the LDAP Account Manager web application exists due to the lack of measures taken to neutralize special elements. This allows attackers to execute arbitrary code on the host by writing the web interface to the /lam/tmp/ directory.

The vulnerability of the LDAP Account Manager web application exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the host by writing it into the web interface’s directory at /lam/tmp/...

PT-2022-3281 · Unknown · Ldap Account Manager

Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 8.0 Description: The issue allows an attacker to gain code execution on the host by writing a web-shell into the tmp directory, accessible via /lam/tmp/. This directory allows interpretation of .php file...