12 matches found
CVE-2011-4075
CVE-2011-4075 affects phpLDAPadmin 1.2.x prior to 1.2.2, where the orderby parameter sent to query_engine via cmd.php allowed remote PHP code execution due to unsanitized input in the PHP create_function() call. The vulnerability enables unauthenticated remote code execution on the web server run...
CVE-2017-11107
CVE-2017-11107 affects phpLDAPadmin up to version 1.2.3, with a cross-site scripting vulnerability in htdocs/entry_chooser.php via form fields, the rdn, or container parameters. The issue stems from insufficient input sanitization in that component, enabling injected HTML/JavaScript in a user’s c...
CVE-2020-35132
CVE-2020-35132 affects phpLDAPadmin prior to 1.2.6.2. The issue is an XSS that lets a user store malicious values, which may be executed by other users later via get_request in lib/function.php. Public details indicate the vulnerability resides in phpLDAPadmin’s web interface and is triggered whe...
CVE-2011-4082
CVE-2011-4082 affects phpLDAPadmin prior to 0.9.8. The issue is a local file inclusion flaw introduced by how the Accept-Language HTTP header is processed, allowing a remote attacker to cause a denial of service via a specially crafted request. Exploitation is described as network-based, with imp...
CVE-2012-0834
The CVE-2012-0834 entry concerns a cross-site scripting (XSS) vulnerability in phpldapadmin
CVE-2005-2654
CVE-2005-2654 affects phpldapadmin prior to 0.9.6c, where an HTTP request to login.php with the anonymous_bind parameter can bypass disable_anon_bind and grant anonymous access to the LDAP server. Connected sources corroborate this flaw and link to affected releases and upstream advisories. Gento...
CVE-2009-4427
CVE-2009-4427: phpLDAPadmin 1.1.0.5 is vulnerable to remotely exploitable local file inclusion via cmd.php (parameter cmd) due to insufficient input sanitising, enabling arbitrary local file execution. Debian and related advisories (DSA-1965) fix this by upgrading phpldapadmin to a later packa...
CVE-2011-4074
CVE-2011-4074 affects phpldapadmin 1.2.x up to 1.2.1.1, with an XSS in cmd.php via _debug. The root cause is improper handling of the _debug parameter, allowing injection of arbitrary script/HTML. Fedora/OpenVAS advisories confirm a fix in updates (upgrade to the latest upstream development code...
CVE-2006-2016
CVE-2006-2016 is tied to phpLDAPadmin and is confirmed by multiple sources as a set of cross-site scripting (XSS) vulnerabilities in versions 0.9.8 and earlier. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific user-controllable inputs: the dn pa...
CVE-2005-2793
CVE-2005-2793: phpLDAPadmin versions 0.9.6 and 0.9.7 contain a PHP remote file inclusion in welcome.php, exploitable via the custom_welcome_page parameter to execute arbitrary PHP code. The connected documents confirm the vulnerable component and the root cause (remote file inclusion) and vulner...
CVE-2005-2792
CVE-2005-2792 affects phpLDAPadmin 0.9.6 and 0.9.7, allowing remote attackers to read arbitrary files via a dot-dot in the custom_welcome_page parameter of welcome.php (directory traversal). Multiple connected records corroborate this vulnerability and classify it as a directory traversal issue i...
CVE-2018-12689
CVE-2018-12689 affects phpLDAPadmin 1.2.2. The vulnerability allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. In the CVSS context, the issue has high/critical impact on confidentiality, integrity, a...