CVE-2006-2016

phpldapadmin < 0.9.8 - Cross-Site Scripting via Multiple Parameters


Exploitation Summary

EIP tracks 5 public exploits for CVE-2006-2016. PoCs published by r0t.

AI-analyzed exploit summary: This exploit demonstrates a cross-site scripting (XSS) vulnerability in PHPLDAPAdmin due to improper input sanitization. The PoC provides a URL that injects arbitrary JavaScript code into the 'dn' parameter, which executes in the context of the affected website.

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

Exploits (5)

exploitdb · Working PoC · Verified
by r0t · text/webapps/php
https://www.exploit-db.com/exploits/27722

Classification: Working PoC (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PHPLDAPAdmin (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable PHPLDAPAdmin instance
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · Writeup · Verified
by r0t · text/webapps/php
https://www.exploit-db.com/exploits/27721

The provided text describes a cross-site scripting (XSS) vulnerability in PHPLDAPAdmin due to improper input sanitization. The example URL demonstrates how an attacker can inject arbitrary HTML and script code via the 'scope' parameter.

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PHPLDAPAdmin (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable search.php endpoint
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · Writeup · Verified
by r0t · text/webapps/php
https://www.exploit-db.com/exploits/27719

The provided text describes a cross-site scripting (XSS) vulnerability in PHPLDAPAdmin due to improper input sanitization. The example URL demonstrates how an attacker can inject arbitrary HTML and script code via the 'dn' parameter in 'rename_form.php'.

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PHPLDAPAdmin (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable PHPLDAPAdmin instance
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · Writeup · Verified
by r0t · text/webapps/php
https://www.exploit-db.com/exploits/27718

The provided text describes a cross-site scripting (XSS) vulnerability in PHPLDAPAdmin due to improper input sanitization. The example demonstrates how an attacker can inject arbitrary HTML and script code via the 'dn' parameter in the 'copy_form.php' script.

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PHPLDAPAdmin (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable PHPLDAPAdmin instance
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · Writeup · Verified
by r0t · text/webapps/php
https://www.exploit-db.com/exploits/27717

The provided text describes a cross-site scripting (XSS) vulnerability in PHPLDAPAdmin due to improper input sanitization. The example URL demonstrates how an attacker can inject arbitrary HTML and script code via the 'dn' parameter in 'compare_form.php'.

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PHPLDAPAdmin (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable 'compare_form.php' endpoint
Analyzed by devstral-2 on Feb 16, 2026

References (14)

Core References (14)
http://www.securityfocus.com/bid/17643 (Exploit, Third Party Advisory, VDB Entry; BID)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25959 (Third Party Advisory, VDB Entry; X-Force)
http://secunia.com/advisories/19747 (Exploit, Third Party Advisory; Secunia)
http://secunia.com/advisories/20124 (Third Party Advisory; Secunia)
http://www.vupen.com/english/advisories/2006/1450 (Permissions Required; VUPEN)
http://www.osvdb.org/24790 (Broken Link, Exploit; OSVDB)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25958 (Third Party Advisory, VDB Entry; X-Force)
http://www.osvdb.org/24793 (Broken Link, Exploit; OSVDB)
http://www.osvdb.org/24792 (Broken Link, Exploit; OSVDB)
http://www.osvdb.org/24789 (Broken Link, Exploit; OSVDB)
http://www.osvdb.org/24788 (Broken Link, Exploit; OSVDB)
http://www.osvdb.org/24794 (Broken Link, Exploit; OSVDB)
http://www.debian.org/security/2006/dsa-1057 (Third Party Advisory, Vendor Advisory; Debian)

Scores

EPSS 0.0822
EPSS Percentile 94.2%

Details

CWE
CWE-79
Status published
Products (3)
debian/debian_linux 3.0
debian/debian_linux 3.1
phpldapadmin_project/phpldapadmin < 0.9.8
Published Apr 25, 2006
Tracked Since Feb 18, 2026