#VU2936 Code injection in phpLDAPadmin - CVE-2011-4075
Published: December 27, 2016 / Updated: March 14, 2017
phpLDAPadmin
Deon George
Description
The vulnerability exists due to missing sanitization in the "lib/functions.php" script when processing user-supplied input passed via the "orderby" HTTP POST parameter to the "/cmd.php" script. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and inject and execute arbitrary PHP code on the target system with the privileges of the web server.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Note: the vulnerability was being actively exploited.
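
One way to handle the "orderby" value safely, shown as an added example that is not phpLDAPadmin's code or its actual fix: accept only an LDAP attribute description (RFC 4512 grammar) and use it solely as an array key inside a closure-based sort. The function names, the entry layout, the 128-byte cap and the assumption that "orderby" names a single attribute are hypothetical.

```php
<?php
// Added example, not phpLDAPadmin code; names and entry layout are hypothetical.

/** Return the lowercased attribute description, or null if $raw is not one. */
function validated_orderby($raw): ?string
{
    if (!is_string($raw) || strlen($raw) > 128) {   // 128 is an arbitrary cap
        return null;
    }
    // RFC 4512: descr or numericoid, followed by optional ";option" parts.
    $descr   = '[A-Za-z][A-Za-z0-9-]*';
    $oid     = '(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))+';
    $options = '(?:;[A-Za-z0-9-]+)*';
    // \A and \z anchor the whole string; "$" would tolerate a trailing newline.
    $pattern = '/\A(?:' . $descr . '|' . $oid . ')' . $options . '\z/';
    return preg_match($pattern, $raw) === 1 ? strtolower($raw) : null;
}

/**
 * Sort entries (arrays keyed by lowercased attribute name, each holding a
 * list of values) by a validated attribute. The request value is only ever
 * used as an array key; no code is built from it.
 */
function sort_entries(array $entries, $rawOrderby): array
{
    $attr = validated_orderby($rawOrderby);
    if ($attr === null) {
        throw new InvalidArgumentException('orderby is not an attribute name');
    }
    usort($entries, function (array $a, array $b) use ($attr): int {
        return strcasecmp((string)($a[$attr][0] ?? ''), (string)($b[$attr][0] ?? ''));
    });
    return $entries;
}

// Constructed sample entries and constructed "orderby" values.
$entries = [
    ['cn' => ['Mallory'], 'uid' => ['m1']],
    ['cn' => ['alice'],   'uid' => ['a1']],
];
foreach (['cn', "cn\n", 'cn, uid'] as $orderby) {
    try {
        $first = sort_entries($entries, $orderby)[0]['cn'][0];
        echo json_encode($orderby), ' accepted, first entry: ', $first, PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($orderby), ' rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```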