Search CVE reports



1 – 10 of 17 results


CVE-2024-9102

Low priority
Needs evaluation

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could...

1 affected package

phpldapadmin

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
phpldapadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2024-9101

Medium priority
Needs evaluation

A reflected cross-site scripting (XSS) vulnerability in the ‘Entry Chooser’ of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user’s browser via...

1 affected package

phpldapadmin

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
phpldapadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2020-35132

Medium priority
Needs evaluation

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.

1 affected package

phpldapadmin

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
phpldapadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2018-12689

Medium priority
Needs evaluation

phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.

1 affected package

phpldapadmin

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
phpldapadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2017-11107

Low priority

Some fixes available 3 of 9

phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.

1 affected package

phpldapadmin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
phpldapadmin Not affected Fixed

CVE-2016-15039

Medium priority
Needs evaluation

A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The...

1 affected package

phpldapadmin

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
phpldapadmin | Not affected | Not affected | Needs evaluation | Needs evaluation

CVE-2012-1115

Medium priority
Ignored

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

2 affected packages

ldap-account-manager, phpldapadmin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ldap-account-manager
phpldapadmin

CVE-2012-1114

Medium priority
Ignored

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and the filteruid parameter to list.php.

2 affected packages

ldap-account-manager, phpldapadmin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ldap-account-manager
phpldapadmin

CVE-2012-0834

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.

1 affected package

phpldapadmin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
phpldapadmin

CVE-2011-4082

Medium priority
Not affected

A local file inclusion flaw was found in the way phpLDAPadmin before 0.9.8 processed certain values of the “Accept-Language” HTTP header. A remote attacker could use this flaw to cause a denial of service via a specially crafted request.

1 affected package

phpldapadmin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
phpldapadmin