VYPR
Vendor

Phpldapadmin Project

Products: 1
CVEs: 14
Across products: 14
Status: Private

Recent CVEs (14)
  • CVE-2018-12689 | Critical | Jun 22, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.

  • CVE-2017-11107 | Medium | Jul 8, 2017
    risk 0.40 | cvss 6.1 | epss 0.02

    phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.

  • CVE-2024-9102 | Medium | Dec 19, 2024
    risk 0.26 | cvss | epss 0.00

    phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is…

  • CVE-2024-9101 | Low | Dec 19, 2024
    risk 0.07 | cvss | epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the…

  • CVE-2011-4075 | Nov 2, 2011
    risk 0.07 | cvss | epss 0.52

    The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.

  • CVE-2009-4427 | Dec 28, 2009
    risk 0.04 | cvss | epss 0.10

    Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.

  • CVE-2006-2016 | Apr 25, 2006
    risk 0.04 | cvss | epss 0.08

    Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e)…

  • CVE-2005-2792 | Sep 2, 2005
    risk 0.04 | cvss | epss 0.12

    Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.

  • CVE-2011-4074 | Nov 2, 2011
    risk 0.03 | cvss | epss 0.04

    Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.

  • CVE-2020-35132 | Dec 11, 2020
    risk 0.00 | cvss | epss 0.01

    An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.

  • CVE-2011-4082 | Nov 26, 2019
    risk 0.00 | cvss | epss 0.02

    A local file inclusion flaw was found in the way phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via a specially crafted request.

  • CVE-2012-0834 | Feb 11, 2012
    risk 0.00 | cvss | epss 0.05

    Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.

  • CVE-2005-2793 | Sep 2, 2005
    risk 0.00 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.

  • CVE-2005-2654 | Aug 30, 2005
    risk 0.00 | cvss | epss 0.02

    phpLDAPadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.