Phpldapadmin Security Vulnerabilities and Issues — Phpldapadmin CVE List

Lucene search

Phpldapadmin ProjectPhpldapadmin

5 matches found

CVE•added 2011/11/02 5:55 p.m.•141 views

CVE-2011-4075

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.

7.5CVSS7.4AI score0.83233EPSS

CVE•added 2019/11/26 5:15 a.m.•84 views

CVE-2011-4082

A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.

7.5CVSS7.2AI score0.00922EPSS

CVE•added 2005/08/30 5:3 p.m.•62 views

CVE-2005-2654

phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.

7.5CVSS6.5AI score0.00769EPSS

CVE•added 2009/12/28 7:0 p.m.•60 views

CVE-2009-4427

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.

7.5CVSS6.8AI score0.18921EPSS

CVE•added 2005/09/02 11:3 p.m.•52 views

CVE-2005-2793

PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.

7.5CVSS7.5AI score0.02938EPSS