CVE-2005-2654
Published 2005-08-30
Priority P434 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.78% (75.4th percentile)
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpldapadmin | < phpldapadmin 0.9.6c-5 (bookworm) | phpldapadmin 0.9.6c-5 (bookworm) |
| phpldapadmin_project | phpldapadmin | < 0.9.6c | 0.9.6c |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-5 | 0.9.6c-5 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-5 | 0.9.6c-5 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-5 | 0.9.6c-5 |
CVSS provenance
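| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | MEDIUM | |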
Debian
CVE-2005-2654: phpldapadmin - phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to t...
vendor_debian·2005·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 0.9.6c-5)
forky: resolved (fixed in 0.9.6c-5)
sid: resolved (fixed in 0.9.6c-5)
trixie: resolved (fixed in 0.9.6c-5)
GHSA
GHSA-qp2j-789q-r58h: phpldapadmin before 0
ghsa_unreviewed·2022-05-01
OSV
CVE-2005-2654: phpldapadmin before 0
osv·2005-08-30·CVSS 7.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423
http://www.debian.org/security/2005/dsa-790
http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml
Published: 2005-08-30