Published: 02/11/2011 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x prior to 1.2.2 allows remote malicious users to inject arbitrary web script or HTML via an _debug command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpldapadmin project phpldapadmin 1.2.0
phpldapadmin project phpldapadmin 1.2.0.1
phpldapadmin project phpldapadmin 1.2.0.2
phpldapadmin project phpldapadmin 1.2.0.3
phpldapadmin project phpldapadmin 1.2.0.4
phpldapadmin project phpldapadmin 1.2.0.5
phpldapadmin project phpldapadmin 1.2.1
phpldapadmin project phpldapadmin 1.2.1.1

Debian Bug report logs - #646769 phpldapadmin: cross-site scripting vulnerability Package: phpldapadmin; Maintainer for phpldapadmin is Fabio Tranchitella <kobold@debianorg>; Source for phpldapadmin is src:phpldapadmin (PTS, buildd, popcon) Reported by: Jonathan Wiltshire <jmw@debianorg> Date: Thu, 27 Oct 2011 00:0 ...

Debian Bug report logs - #646754 Exploit in phpldapadmin lets attacker execute arbitrary code Package: phpldapadmin; Maintainer for phpldapadmin is Fabio Tranchitella <kobold@debianorg>; Source for phpldapadmin is src:phpldapadmin (PTS, buildd, popcon) Reported by: John Bloom <john@sheeplaunchernet> Date: Wed, 26 O ...

Two vulnerabilities have been discovered in phpLDAPadmin, a web based interface for administering LDAP servers The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4074 Input appended to the URL in cmdphp (when cmd is set to _debug) is not properly sanitised before being returned to the user This can ...

<?php /* ------------------------------------------------------------------------ phpLDAPadmin <= 1211 (query_engine) Remote PHP Code Injection Exploit ------------------------------------------------------------------------ author: EgiX mail: n0b0d13s[at]gmail[dot]com software ...

CWE-79 http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page http://openwall.com/lists/oss-security/2011/10/24/9 http://openwall.com/lists/oss-security/2011/10/25/2 http://secunia.com/advisories/46551 http://www.debian.org/security/2011/dsa-2333 http://osvdb.org/76593 http://secunia.com/advisories/46672 http://www.securityfocus.com/bid/50331 http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=htdocs/cmd.php%3Bh=0ddf0044355abc94160be73122eb34f3e48ab2d9%3Bhp=34f3848fe4a6d4c00c7c568afa81f59579f5d724%3Bhb=64668e882b8866fae0fa1b25375d1a2f3b4672e2%3Bhpb=caeba72171ade4f588fef1818aa4f6243a68b85e https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646769 https://www.exploit-db.com/exploits/18021/https://www.debian.org/security/./dsa-2333

CVE-2011-4074

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect