cbcvebase.
CVE-2005-2654
published 2005-08-30


Priority: P434, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.78% (75.4th percentile)

phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpldapadmin | < phpldapadmin 0.9.6c-5 (bookworm) | phpldapadmin 0.9.6c-5 (bookworm) |
| phpldapadmin_project | phpldapadmin | < 0.9.6c | 0.9.6c |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-5 | 0.9.6c-5 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-5 | 0.9.6c-5 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-5 | 0.9.6c-5 |

CVSS provenance

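| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | MEDIUM | |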