CVE-2011-4074

phpLDAPadmin <1.2.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.

Exploits (1)

exploitdb WORKING POC

phpwebappsphp

https://www.exploit-db.com/exploits/18021

View Code ZIP pw:eip

References (9)

[Exploit, Patch] http://openwall.com/lists/oss-security/2011/10/24/9

[Exploit, Patch] http://openwall.com/lists/oss-security/2011/10/25/2

[Third Party Advisory, VDB Entry] http://osvdb.org/76593

[Product] http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=htdocs/cmd.php%3Bh=0ddf0044355abc94160be73122eb34f3e48ab2d9%3Bhp=34f3848fe4a6d4c00c7c568afa81f59579f5d724%3Bhb=64668e882b8866fae0fa1b25375d1a2f3b4672e2%3Bhpb=caeba72171ade4f588fef1818aa4f6243a68b85e

[Vendor Advisory] http://secunia.com/advisories/46551

[Third Party Advisory] http://secunia.com/advisories/46672

[Third Party Advisory] http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/50331

[Third Party Advisory] http://www.debian.org/security/2011/dsa-2333

Scores

EPSS 0.1183

EPSS Percentile 93.8%

Details

CWE

CWE-79

Status published

Products (8)

phpldapadmin_project/phpldapadmin 1.2.0

phpldapadmin_project/phpldapadmin 1.2.0.1

phpldapadmin_project/phpldapadmin 1.2.0.2

phpldapadmin_project/phpldapadmin 1.2.0.3

phpldapadmin_project/phpldapadmin 1.2.0.4

phpldapadmin_project/phpldapadmin 1.2.0.5

phpldapadmin_project/phpldapadmin 1.2.1

phpldapadmin_project/phpldapadmin 1.2.1.1

Published Nov 02, 2011

Tracked Since Feb 18, 2026