CVE-2012-0834
phpldapadmin < 1.2.2 - Cross-Site Scripting via Base Parameter in Query Engine
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-0834. PoCs published by andsarmiento.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpLDAPadmin 1.2.2 by injecting a malicious script into the 'base' parameter of the query_engine command. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpLDAPadmin 1.2.2 by injecting a malicious script into the 'base' parameter of the query_engine command. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.