VYPR

Lam

by Ldapaccountmanager

CVEs (13)

  • CVE-2018-8764 | High | Mar 27, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.

  • CVE-2018-8763 | Medium | Mar 27, 2018
    risk 0.40 | cvss 6.1 | epss 0.02

    Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.

  • CVE-2024-52792 | Medium | Dec 17, 2024
    risk 0.35 | cvss 6.5 | epss 0.01

    LDAP Account Manager (LAM) is a PHP webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values that are set via `mainmanage.php` and `confmain.php`. This allows…

  • CVE-2025-58174 | Medium | Sep 16, 2025
    risk 0.23 | cvss 4.6 | epss 0.00

    LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM before 9.3 allows stored cross-site scripting in the Profile section via the profile name field, which renders untrusted input as HTML and executes a supplied script (for example a…

  • CVE-2026-27895 | Mar 17, 2026
    risk 0.00 | cvss - | epss 0.00

    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type (including .php files)…

  • CVE-2026-27894 | Mar 17, 2026
    risk 0.00 | cvss - | epss 0.00

    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code.…

  • CVE-2024-23333 | Mar 18, 2024
    risk 0.00 | cvss - | epss 0.18

    LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code…

  • CVE-2022-31085 | Jun 27, 2022
    risk 0.00 | cvss - | epss 0.00

    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or…

  • CVE-2022-31084 | Jun 27, 2022
    risk 0.00 | cvss - | epss 0.02

    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor…

  • CVE-2022-31086 | Jun 27, 2022
    risk 0.00 | cvss - | epss 0.02

    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow uploading PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote…

  • CVE-2022-31087 | Jun 27, 2022
    risk 0.00 | cvss - | epss 0.00

    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An…

  • CVE-2022-31088 | Jun 27, 2022
    risk 0.00 | cvss - | epss 0.01

    LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This…

  • CVE-2022-24851 | Apr 15, 2022
    risk 0.00 | cvss - | epss 0.01

    LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated…