Search CVE reports
1 – 10 of 15 results
CVE-2016-15039
Medium priorityA vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The...
1 affected packages
phpldapadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpldapadmin | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-35132
Medium priorityAn XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
1 affected packages
phpldapadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpldapadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2012-1115
Medium priorityA Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
2 affected packages
ldap-account-manager, phpldapadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldap-account-manager | — | — | — | — | — |
phpldapadmin | — | — | — | — | — |
CVE-2012-1114
Medium priorityA Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.
2 affected packages
ldap-account-manager, phpldapadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldap-account-manager | — | — | — | — | — |
phpldapadmin | — | — | — | — | — |
CVE-2011-4082
Medium priorityA local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.
1 affected packages
phpldapadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpldapadmin | — | — | — | — | — |
CVE-2018-12689
Medium priorityphpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
1 affected packages
phpldapadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpldapadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2017-11107
Low prioritySome fixes available 3 of 9
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
1 affected packages
phpldapadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpldapadmin | — | — | Not affected | Fixed | Fixed |
CVE-2012-0834
Medium priorityCross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
1 affected packages
phpldapadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpldapadmin | — | — | — | — | Not affected |
CVE-2011-4075
Medium prioritySome fixes available 4 of 5
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in...
1 affected packages
phpldapadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpldapadmin | — | — | — | — | — |
CVE-2011-4074
Medium prioritySome fixes available 4 of 5
Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.
1 affected packages
phpldapadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpldapadmin | — | — | — | — | — |