Oval Definition:oval:org.mitre.oval:def:14902
Revision Date:2014-06-23Version:20
Title:DSA-2333-1 phpldapadmin -- several
Description:Two vulnerabilities have been discovered in phpldapadmin, a web based interface for administering LDAP servers. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4074 Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. CVE-2011-4075 Input passed to the "orderby" parameter in cmd.php is not properly sanitised in lib/functions.php before being used in a "create_function" function call. This can be exploited to inject and execute arbitrary PHP code.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2011-4074
CVE-2011-4075
DSA-2333-1
Platform(s):Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Product(s):phpldapadmin
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Installed architecture is all
  • AND phpldapadmin DPKG is earlier than 1.1.0.5-6+lenny2
  • OR Release section
  • Debian 6.0 is installed
  • AND GNU/Linux or GNU/kFreeBSD kernel
  • Debian GNU/Linux is installed
  • OR Debian GNU/kFreeBSD is installed
  • AND Installed architecture is all
  • AND phpldapadmin DPKG is earlier than 1.2.0.5-2+squeeze1
  • BACK