Solution
Please Install the Updated Packages.
Insight
Multiple vulnerabilities was discovered and corrected in phpldapadmin:
Input appended to the URL in cmd.php \(when cmd is set to _debug\) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user& #039
s
browser session in context of an affected site (CVE-2011-4074).
Input passed to the orderby parameter in cmd.php \(when cmd is set to query_engine, query is set to none, and search is set to e.g. 1\) is not properly sanitised in lib/functions.php before being used in a create_function() function call. This can be exploited to inject and execute arbitrary PHP code (CVE-2011-4075).
The updated packages have been upgraded to the latest version (1.2.2) which is not vulnerable to these issues.
Affected
phpldapadmin on Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64
Severity
Classification
-
CVE CVE-2011-4074, CVE-2011-4075 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities