Описание
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.2.0.5-2.1ubuntu1 |
| hardy | ignored | end of life |
| lucid | released | 1.2.0.5-1ubuntu1.10.04.2 |
| maverick | released | 1.2.0.5-1.1ubuntu1.1 |
| natty | released | 1.2.0.5-2ubuntu1.11.04.1 |
| oneiric | released | 1.2.0.5-2ubuntu1.11.10.1 |
| upstream | released | 1.2.0.5-2.1 |
Показывать по
Ссылки на источники
7.5 High
CVSS2
Связанные уязвимости
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before ...
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
7.5 High
CVSS2