CVE-2005-2654 — Project Phpldapadmin vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpldapadmin Project Phpldapadmin Debian Phpldapadmin

Timeline

PublishedAug 30

Latest updateMay 1

Description

phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpldapadmin< phpldapadmin 0.9.6c-5 (bookworm)

▶NVDphpldapadmin_project/phpldapadmin< 0.9.6c

▶Debianphpldapadmin_project/phpldapadmin< 0.9.6c-5+2

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-qp2j-789q-r58h: phpldapadmin before 0↗2022-05-01

▶

OSV

CVE-2005-2654: phpldapadmin before 0↗2005-08-30

▶

📋Vendor Advisories

Debian

CVE-2005-2654: phpldapadmin - phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to t...↗2005

▶