PT-2005-3673 · Phpldapadmin · Phpldapadmin

Retrogod

Published

2005-09-02

Updated

2020-11-16

CVE-2005-2792

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions phpLDAPadmin versions 0.9.6 through 0.9.7

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the welcome.php file. This is achieved by using a .. (dot dot) in the custom welcome page parameter.

Recommendations For phpLDAPadmin versions 0.9.6 through 0.9.7, consider restricting access to the welcome.php file until a patch is available. As a temporary workaround, avoid using the custom welcome page parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2005-2792

Affected Products

Phpldapadmin

PT-2005-3673 · Phpldapadmin · Phpldapadmin

CVE-2005-2792

Weakness Enumeration

Related Identifiers

Affected Products

References · 10