OVAL

DSA-2333-1 phpldapadmin -- several

ID: oval:org.secpod.oval:def:600665
Date: (C)2012-01-30   (M)2023-02-20
Class: PATCH
Family: unix




Two vulnerabilities have been discovered in phpldapadmin, a web-based interface for administering LDAP servers. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-4074
Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

CVE-2011-4075
Input passed to the "orderby" parameter in cmd.php is not properly sanitised in lib/functions.php before being used in a "create_function" function call. This can be exploited to inject and execute arbitrary PHP code.

Platform:
Debian 5.0
Debian 6.0
Product:
phpldapadmin
Reference:
DSA-2333-1
CVE-2011-4075
CVE-2011-4074
CVE    2
CVE-2011-4074
CVE-2011-4075
CPE    11
cpe:/a:deon_george:phpldapadmin:1.2.1
cpe:/a:deon_george:phpldapadmin
cpe:/a:deon_george:phpldapadmin:1.2.0.1
cpe:/a:deon_george:phpldapadmin:1.2.0.2
...

© SecPod Technologies