PT-2005-3674 · Phpldapadmin · Phpldapadmin

Retrogod

Published

2005-09-02

Updated

2020-11-16

CVE-2005-2793

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpLDAPadmin versions 0.9.6 through 0.9.7

Description The issue allows remote attackers to execute arbitrary PHP code via the custom welcome page parameter in the welcome.php file.

Recommendations For phpLDAPadmin versions 0.9.6 and 0.9.7, consider restricting access to the welcome.php file until a patch is available. As a temporary workaround, avoid using the custom welcome page parameter in the affected welcome.php file.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2005-2793

Affected Products

Phpldapadmin

PT-2005-3674 · Phpldapadmin · Phpldapadmin

CVE-2005-2793

Weakness Enumeration

Related Identifiers

Affected Products

References · 9