VYPR
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026

CVE-2004-2254

CVE-2004-2254

Description

SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Netwin/Surgeldap7 versions
    cpe:2.3:a:netwin:surgeldap:1.0a:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:netwin:surgeldap:1.0a:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgeldap:1.0b:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgeldap:1.0d:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgeldap:1.0e:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgeldap:1.0f:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgeldap:1.0g:*:*:*:*:*:*:*
    • (no CPE)range: <1.0h

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.