CVE-2011-4069

CRITICAL

PacketFence <3.0.2 - Command Injection

Title source: llm

Description

html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

References (2)

[Patch, Vendor Advisory] https://packetfence.org/bugs/view.php?id=1293

[Issue Tracking, Vendor Advisory] https://packetfence.org/bugs/changelog_page.php?version_id=35

Scores

CVSS v3 9.8

EPSS 0.0066

EPSS Percentile 71.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-90

Status published

Products (1)

packetfence/packetfence < 3.0.1

Published Feb 01, 2018

Tracked Since Feb 18, 2026