2 matches found
CVE-2011-4075
CVE-2011-4075 affects phpLDAPadmin 1.2.x prior to 1.2.2, where the orderby parameter sent to query_engine via cmd.php allowed remote PHP code execution due to unsanitized input in the PHP create_function() call. The vulnerability enables unauthenticated remote code execution on the web server run...
CVE-2011-4074
CVE-2011-4074 affects phpldapadmin 1.2.x up to 1.2.1.1, with an XSS in cmd.php via _debug . The root cause is improper handling of the _debug parameter, allowing injection of arbitrary script/HTML. Fedora/OpenVAS advisories confirm a fix in updates (upgrade to the latest upstream development code...