First published: Wed Nov 02 2011(Updated: )
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phpldapadmin Project Phpldapadmin | =1.2.0 | |
Phpldapadmin Project Phpldapadmin | =1.2.0.1 | |
Phpldapadmin Project Phpldapadmin | =1.2.0.2 | |
Phpldapadmin Project Phpldapadmin | =1.2.0.3 | |
Phpldapadmin Project Phpldapadmin | =1.2.0.4 | |
Phpldapadmin Project Phpldapadmin | =1.2.0.5 | |
Phpldapadmin Project Phpldapadmin | =1.2.1 | |
Phpldapadmin Project Phpldapadmin | =1.2.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.