CVE-2009-4427

Published: 28/12/2009 Updated: 16/11/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.

Vulnerable Product

phpldapadmin project phpldapadmin 1.1.0.5

Vendor Advisories

Debian Bug report logs - #561975: CVE-2009-4427: Local file inclusion vulnerability. Package: phpldapadmin; Maintainer for phpldapadmin is Fabio Tranchitella <kobold@debian.org>; Source for phpldapadmin is src:phpldapadmin (PTS, buildd, popcon). Reported by: Giuseppe Iuculano <iuculano@debian.org>. Date: Mon, 21 Dec 2009 ...
It was discovered that phpLDAPadmin, a web based interface for administering LDAP servers, doesn't sanitize an internal variable, which allows remote attackers to include and execute arbitrary local files. The oldstable distribution (etch) is not affected by this problem. For the stable distribution (lenny), this problem has been fixed in version 1 ...

Exploits

PHPLDAPADMIN LOCAL FILE INCLUSION
author: ipsecs
website: ipsecs.com
Date: December, 10th, 2009
-[i]- Description "Phpldapadmin is web based LDAP client which provides easy, anywhere-acc ...