Medium severityNVD Advisory· Published Dec 19, 2024· Updated Apr 15, 2026

CVE-2024-9102

Description

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection. NOTE: This vulnerability will not be addressed, the maintainer's position is that it is not the intention of phpLDAPadmin to control what data Administrators can put in their LDAP database, nor filter it on export.

Patches

ea17aadef46f

https://github.com/leenooks/phpldapadminvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/leenooks/phpLDAPadmin/commit/ea17aadef46fd29850160987fe7740ceed1381adnvd
github.com/leenooks/phpLDAPadmin/issues/274nvd
sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.0nvd
www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000