CVE-2011-4075

EXPLOITED IN THE WILD

phpLDAPadmin <1.2.2 - RCE

Title source: llm

Description

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.

Exploits (3)

exploitdb WORKING POC VERIFIED
by EgiX · phpwebappsphp
https://www.exploit-db.com/exploits/18021
metasploit WORKING POC EXCELLENT
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpldapadmin_query_engine.rb
exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappsphp
https://www.exploit-db.com/exploits/18031

References (12)

Scores

EPSS 0.8323
EPSS Percentile 99.2%

Exploitation Intel

VulnCheck KEV 2011-11-02
InTheWild.io 2020-11-09

Classification

CWE
CWE-94
Status draft

Affected Products (8)

phpldapadmin_project/phpldapadmin
phpldapadmin_project/phpldapadmin
phpldapadmin_project/phpldapadmin
phpldapadmin_project/phpldapadmin
phpldapadmin_project/phpldapadmin
phpldapadmin_project/phpldapadmin
phpldapadmin_project/phpldapadmin
phpldapadmin_project/phpldapadmin

Timeline

Published Nov 02, 2011
Tracked Since Feb 18, 2026