Vulnerability identifier: #VU65011
Vulnerability risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-276
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
LDAP Account Manager
Server applications /
Remote management servers, RDP, SSH
Vendor: LDAP Account Manager
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists because the /lam/tmp/ directory allows interpretation of .php files and is writable by default. A remote user with the ability to upload PHP files into this temporary directory can execute them later on the server.
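An added defender-side check for the condition described above (example code, not part of this advisory or of the LAM project): it audits a LAM temp directory for PHP-interpretable files and for a missing .htaccess that turns the PHP engine off, and can write such a fragment. The directory path, the .htaccess directives and the assumption that Apache runs mod_php with AllowOverride permitting these directives are this example's assumptions; on nginx or php-fpm the equivalent deny must live in the server configuration instead.

```shell
#!/bin/sh
# Audit a LAM temp directory (path supplied by the caller; /lam/tmp/ is the
# directory named in the advisory) for two things a defender cares about:
#   (a) files the web server would hand to the PHP interpreter, and
#   (b) a missing .htaccess that would stop Apache from executing scripts there.
# Returns 0 when both checks pass, 1 otherwise, and reports findings on stderr.
check_lam_tmp() {
    dir="$1"
    rc=0
    # Extensions commonly mapped to the PHP handler; adjust to the server's handler list.
    found=$(find "$dir" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' \) 2>/dev/null)
    if [ -n "$found" ]; then
        echo "PHP-interpretable files present in $dir:" >&2
        echo "$found" >&2
        rc=1
    fi
    # Hardening marker: an .htaccess that disables the PHP engine in this tree.
    if [ ! -f "$dir/.htaccess" ] || ! grep -q 'php_flag engine off' "$dir/.htaccess"; then
        echo "no .htaccess disabling the PHP engine in $dir" >&2
        rc=1
    fi
    return $rc
}

# Write the hardening fragment (assumed directives; they need mod_php and an
# AllowOverride setting that permits Options, FileInfo and AuthConfig overrides).
write_lam_tmp_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
# Never let Apache execute scripts from the temp directory.
php_flag engine off
Options -ExecCGI
RemoveHandler .php .phtml .phar
<FilesMatch "\.(php|phtml|phar)$">
    Require all denied
</FilesMatch>
EOF
}
```

Run `check_lam_tmp /lam/tmp` from a cron job or a configuration-management check; a non-zero exit means the directory is still in the state the advisory describes.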
Mitigation
Install updates from vendor's website.
Vulnerable software versions
LDAP Account Manager: 0.4.7 - 7.9.1
External links
http://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4
http://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q8g5-45m4-q95p
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.