Ldap Account Manager Security Vulnerabilities and Issues — Ldap Account Manager CVE List

Lucene search

Ldap-account-managerLdap Account Manager

11 matches found

cve•added 2022/06/27 9:15 p.m.•105 views

CVE-2022-31084

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to c...

9CVSS8.2AI score0.01488EPSS

cve•added 2018/03/27 4:29 p.m.•90 views

CVE-2018-8764

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.

8.8CVSS8.5AI score0.00375EPSS

cve•added 2022/06/27 9:15 p.m.•90 views

CVE-2022-31086

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if t...

8.8CVSS7.7AI score0.01329EPSS

cve•added 2022/04/15 7:15 p.m.•83 views

CVE-2022-24851

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS pa...

8.1CVSS4.9AI score0.00991EPSS

cve•added 2022/06/27 9:15 p.m.•79 views

CVE-2022-31085

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled ...

6.1CVSS6AI score0.00089EPSS

cve•added 2022/06/27 9:15 p.m.•79 views

CVE-2022-31088

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixe...

6.5CVSS5.4AI score0.00524EPSS

cve•added 2022/06/27 9:15 p.m.•76 views

CVE-2022-31087

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of wri...

7.8CVSS7.9AI score0.00191EPSS

cve•added 2019/12/05 9:15 p.m.•60 views

CVE-2012-1115

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

6.1CVSS5.7AI score0.0084EPSS

cve•added 2018/03/27 4:29 p.m.•60 views

CVE-2018-8763

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.

6.1CVSS6AI score0.00447EPSS

cve•added 2019/12/05 9:15 p.m.•58 views

CVE-2012-1114

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.

6.1CVSS5.7AI score0.0084EPSS

cve•added 2013/11/05 8:55 p.m.•40 views

CVE-2013-4453

Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.

4.3CVSS5.8AI score0.00475EPSS