Code injection in phpLDAPadmin - CVE-2011-4075
Published: December 27, 2016 / Updated: March 14, 2017
Vulnerability identifier: #VU2936
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2011-4075
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Deon George
Affected software:
phpLDAPadmin
phpLDAPadmin
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.
The vulnerability exists due to absent sanitization in the "lib/functions.php" script when processing use-supplied input passed via "orderby" HTTP POST parameter to "/cmd.php" script. A remote attacker can send a specially crafted HTTP POST request to vulnerable script, inject and execute arbitrary PHP code on the target system with privileges of the web server.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note: the vulnerability was being actively exploited.
How to mitigate CVE-2011-4075
Update to version 1.2.2.