CVE-2012-0834

phpldapadmin < 1.2.2 - Cross-Site Scripting via Base Parameter in Query Engine

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0834. PoCs published by andsarmiento.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpLDAPadmin 1.2.2 by injecting a malicious script into the 'base' parameter of the query_engine command. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by andsarmiento · textwebappsphp
https://www.exploit-db.com/exploits/36654

This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpLDAPadmin 1.2.2 by injecting a malicious script into the 'base' parameter of the query_engine command. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: phpLDAPadmin 1.2.2
No auth needed
Prerequisites: Access to the vulnerable phpLDAPadmin instance
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47852
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2012/02/03/3
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2012/02/02/9
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:020

Scores

EPSS 0.0497
EPSS Percentile 91.2%

Details

CWE
CWE-79
Status published
Products (1)
phpldapadmin_project/phpldapadmin < 1.2.2
Published Feb 11, 2012
Tracked Since Feb 18, 2026