PT-2019-6735 · Lam · Ldap Account Manager (Lam) Pro
Jan Lieskovsky
·
Publicado
2019-12-05
·
Atualizado
2019-12-12
·
CVE-2012-1114
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
LDAP Account Manager (LAM) Pro version 3.6
Description
A Cross-Site Scripting (XSS) issue exists in the filter parameter to "cmd.php" in an export and exporter id action, and the filteruid parameter to "list.php".
Recommendations
For LDAP Account Manager (LAM) Pro version 3.6, consider disabling access to the "cmd.php" and "list.php" scripts until a patch is available, or restrict the use of the
filter and filteruid parameters in these scripts to minimize the risk of exploitation.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ldap Account Manager (Lam) Pro