PT-2011-4839 · Phpldapadmin · Phpldapadmin

Egix · Published 2011-11-02 · Updated 2023-02-13 · CVE-2011-4075

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: phpLDAPadmin versions 1.2.x before 1.2.2

Description: The issue allows remote attackers to execute arbitrary PHP code via the orderby parameter (also known as the sortby variable) in a query engine action to "cmd.php". This has been exploited in the wild in October 2011.

Recommendations: For phpLDAPadmin versions 1.2.x before 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "cmd.php" endpoint or disabling the masort function in "lib/functions.php" until a patch is applied. Avoid using the orderby parameter in the affected API endpoint until the issue is resolved.
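A defender-side check to go with the workaround above, added here as an example that is not part of this advisory or of phpLDAPadmin: it scans Apache-style access log lines (constructed below) for requests to cmd.php whose orderby or sortby value is not a plain comma-separated list of LDAP attribute names, the only form a sort key legitimately takes. The log format, the sample lines and the attribute-name syntax check are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# A legitimate sort key is one or more LDAP attribute descriptions
# (letters, digits, '-', optional ';option' suffixes) separated by commas.
ATTR = r"[A-Za-z][A-Za-z0-9-]*(?:;[A-Za-z0-9-]+)*"
ATTR_LIST_RE = re.compile(rf"^{ATTR}(?:,{ATTR})*$")

# Apache "combined" style access log line (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+')

def suspicious_orderby(target):
    """Return decoded orderby/sortby values sent to cmd.php that fail
    attribute-list syntax; an empty list means nothing suspicious."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1] != "cmd.php":
        return []
    qs = parse_qs(parts.query, keep_blank_values=True)
    bad = []
    for key in ("orderby", "sortby"):
        for raw in qs.get(key, []):
            value = unquote(raw)  # second decode catches double-encoded input
            if value and not ATTR_LIST_RE.match(value):
                bad.append(value)
    return bad

def scan_log(lines):
    """Yield (client ip, timestamp, bad values) for each flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        bad = suspicious_orderby(m.group("target"))
        if bad:
            hits.append((m.group("ip"), m.group("ts"), bad))
    return hits

# Constructed sample log lines; the second carries a placeholder, not a payload.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Oct/2011:10:01:02 +0000] "GET /phpldapadmin/cmd.php?cmd=query_engine&orderby=cn,sn HTTP/1.1" 200 4521',
    '203.0.113.9 - - [12/Oct/2011:10:03:44 +0000] "GET /phpldapadmin/cmd.php?cmd=query_engine&orderby=cn%3B%20INJECTED_PLACEHOLDER HTTP/1.1" 200 98',
    '198.51.100.7 - - [12/Oct/2011:10:04:10 +0000] "GET /phpldapadmin/index.php?orderby=%21 HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for ip, ts, bad in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious sort key(s): {bad}")
```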

Weakness Enumeration

Code Injection

Related Identifiers

CVE-2011-4075
DSA-2333-1

Affected Products

Phpldapadmin