Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Phpldapadmin Project Subscribe
Filtered by product Phpldapadmin
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-0834 1 Phpldapadmin Project 1 Phpldapadmin 2023-02-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
CVE-2011-4075 1 Phpldapadmin Project 1 Phpldapadmin 2023-02-12 7.5 HIGH N/A
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
CVE-2011-4074 1 Phpldapadmin Project 1 Phpldapadmin 2023-02-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.
CVE-2020-35132 2 Fedoraproject, Phpldapadmin Project 2 Fedora, Phpldapadmin 2020-12-22 3.5 LOW 5.4 MEDIUM
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
CVE-2018-12689 1 Phpldapadmin Project 1 Phpldapadmin 2020-11-16 7.5 HIGH 9.8 CRITICAL
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVE-2017-11107 2 Debian, Phpldapadmin Project 2 Debian Linux, Phpldapadmin 2020-11-16 4.3 MEDIUM 6.1 MEDIUM
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
CVE-2009-4427 1 Phpldapadmin Project 1 Phpldapadmin 2020-11-16 7.5 HIGH N/A
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
CVE-2006-2016 2 Debian, Phpldapadmin Project 2 Debian Linux, Phpldapadmin 2020-11-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
CVE-2005-2793 1 Phpldapadmin Project 1 Phpldapadmin 2020-11-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
CVE-2005-2654 1 Phpldapadmin Project 1 Phpldapadmin 2020-11-16 7.5 HIGH N/A
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
CVE-2005-2792 1 Phpldapadmin Project 1 Phpldapadmin 2020-11-16 5.0 MEDIUM N/A
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.
CVE-2011-4082 2 Debian, Phpldapadmin Project 2 Debian Linux, Phpldapadmin 2020-08-18 5.0 MEDIUM 7.5 HIGH
A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.