Description
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
Exploits (1)
References (7)
Core 7
Core References
Exploit, Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/alerts/2004/May/1010113.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16076
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1010068
Patch x_refsource_confirm
http://netwinsite.com/surgeldap/updates.htm
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11549
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10294
Exploit, Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5890
Scores
EPSS
0.1317
EPSS Percentile
94.2%
Details
Status
published
Products (6)
netwin/surgeldap
1.0a
netwin/surgeldap
1.0b
netwin/surgeldap
1.0d
netwin/surgeldap
1.0e
netwin/surgeldap
1.0f
netwin/surgeldap
1.0g
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026