DSA-2333-1 phpldapadmin -- several
ID: oval:org.secpod.oval:def:600665 | Date: (C)2012-01-30 (M)2023-02-20 |
Class: PATCH | Family: unix |
Two vulnerabilities have been discovered in phpldapadmin, a web-based interface for administering LDAP servers. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-4074: Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

CVE-2011-4075: Input passed to the "orderby" parameter in cmd.php is not properly sanitised in lib/functions.php before being used in a "create_function" function call. This can be exploited to inject and execute arbitrary PHP code.
Platform: |
Debian 5.0 |
Debian 6.0 |