Show filters
14 Total Results
Displaying 1-10 of 14
Sort by:
Attacker Value
Unknown

CVE-2024-9102

Disclosure Date: December 19, 2024 (last updated December 20, 2024)
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.
0
0
Attacker Value
Unknown

CVE-2024-9101

Disclosure Date: December 19, 2024 (last updated December 20, 2024)
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
0
0
Attacker Value
Unknown

CVE-2020-35132

Disclosure Date: December 11, 2020 (last updated February 22, 2025)
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2011-4082

Disclosure Date: November 26, 2019 (last updated November 27, 2024)
A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-12689

Disclosure Date: June 22, 2018 (last updated November 26, 2024)
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2017-11107

Disclosure Date: July 08, 2017 (last updated November 26, 2024)
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2012-0834

Disclosure Date: February 11, 2012 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
0
0
Attacker Value
Unknown

CVE-2011-4074

Disclosure Date: November 02, 2011 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.
0
0
Attacker Value
Unknown

CVE-2011-4075

Disclosure Date: November 02, 2011 (last updated October 04, 2023)
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
0
0
Attacker Value
Unknown

CVE-2009-4427

Disclosure Date: December 28, 2009 (last updated October 04, 2023)
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
0
0
View More Topics  Next >