Published: 02/11/2011 Updated: 13/02/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The masort function in lib/functions.php in phpLDAPadmin 1.2.x prior to 1.2.2 allows remote malicious users to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpldapadmin project phpldapadmin 1.2.0
phpldapadmin project phpldapadmin 1.2.0.1
phpldapadmin project phpldapadmin 1.2.0.2
phpldapadmin project phpldapadmin 1.2.0.3
phpldapadmin project phpldapadmin 1.2.0.4
phpldapadmin project phpldapadmin 1.2.0.5
phpldapadmin project phpldapadmin 1.2.1
phpldapadmin project phpldapadmin 1.2.1.1

Debian Bug report logs - #646769 phpldapadmin: cross-site scripting vulnerability Package: phpldapadmin; Maintainer for phpldapadmin is Fabio Tranchitella <kobold@debianorg>; Source for phpldapadmin is src:phpldapadmin (PTS, buildd, popcon) Reported by: Jonathan Wiltshire <jmw@debianorg> Date: Thu, 27 Oct 2011 00:0 ...

Debian Bug report logs - #646754 Exploit in phpldapadmin lets attacker execute arbitrary code Package: phpldapadmin; Maintainer for phpldapadmin is Fabio Tranchitella <kobold@debianorg>; Source for phpldapadmin is src:phpldapadmin (PTS, buildd, popcon) Reported by: John Bloom <john@sheeplaunchernet> Date: Wed, 26 O ...

Two vulnerabilities have been discovered in phpLDAPadmin, a web based interface for administering LDAP servers The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4074 Input appended to the URL in cmdphp (when cmd is set to _debug) is not properly sanitised before being returned to the user This can ...

## # $Id: phpldapadmin_query_enginerb 14060 2011-10-25 05:25:39Z sinn3r $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/c ...

<?php /* ------------------------------------------------------------------------ phpLDAPadmin <= 1211 (query_engine) Remote PHP Code Injection Exploit ------------------------------------------------------------------------ author: EgiX mail: n0b0d13s[at]gmail[dot]com software ...

CWE-94 http://openwall.com/lists/oss-security/2011/10/24/9 http://sourceforge.net/tracker/index.php?func=detail&aid=3417184&group_id=61828&atid=498546 http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page http://www.exploit-db.com/exploits/18021/http://secunia.com/advisories/46551 http://openwall.com/lists/oss-security/2011/10/25/2 http://dev.metasploit.com/redmine/issues/5820 http://www.debian.org/security/2011/dsa-2333 http://osvdb.org/76594 http://secunia.com/advisories/46672 http://www.securityfocus.com/bid/50331 http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=lib/functions.php%3Bh=eb160dc9f7d74e563131e21d4c85d7849a0c6638%3Bhp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0%3Bhb=76e6dad13ef77c5448b8dfed1a61e4acc7241165%3Bhpb=5d4245f93ae6f065e7535f268e3cd87a23b07744 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646769 https://www.exploit-db.com/exploits/18031/https://www.debian.org/security/./dsa-2333

CVE-2011-4075

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect