logo
DATABASE RESOURCES PRICING ABOUT US

Remote Code Execution (RCE)

Description

ldap-account-manager:sid is vulnerable to remote code execution. LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM.


Affected Software


CPE Name Name Version
ldap-account-manager:sid 7.3-1
ldap-account-manager:bullseye 7.3-1
ldap-account-manager:sid 7.3-1
ldap-account-manager:bullseye 7.3-1

Related