Revision Date: | 2014-06-23 | Version: | 20 |
Title: | DSA-2333-1 phpldapadmin -- several |
Description: | Two vulnerabilities have been discovered in phpldapadmin, a web based interface for administering LDAP servers. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4074 Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. CVE-2011-4075 Input passed to the "orderby" parameter in cmd.php is not properly sanitised in lib/functions.php before being used in a "create_function" function call. This can be exploited to inject and execute arbitrary PHP code. |
Family: | unix | Class: | patch |
Status: | ACCEPTED | Reference(s): | CVE-2011-4074 CVE-2011-4075 DSA-2333-1
|
Platform(s): | Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 5.0 Debian GNU/Linux 6.0
| Product(s): | phpldapadmin
|
Definition Synopsis |
Release section Debian GNU/Linux 5.0 is installed
AND Installed architecture is all
AND phpldapadmin DPKG is earlier than 1.1.0.5-6+lenny2
OR Release section
Debian 6.0 is installed
AND GNU/Linux or GNU/kFreeBSD kernel
Debian GNU/Linux is installed
OR Debian GNU/kFreeBSD is installed
AND Installed architecture is all
AND phpldapadmin DPKG is earlier than 1.2.0.5-2+squeeze1
|