CVE-2005-2793 — Command Injection in Phpldapadmin

CWE-77 — Command Injection4 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.9%

top 13.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpldapadmin Project Phpldapadmin Debian Phpldapadmin

Timeline

PublishedSep 2

Latest updateMay 1

Description

PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpldapadmin< phpldapadmin 0.9.6c-7 (bookworm)

▶Debianphpldapadmin_project/phpldapadmin< 0.9.6c-7+2

▶NVDphpldapadmin_project/phpldapadmin0.9.6, 0.9.7+1

🔴Vulnerability Details

GHSA

GHSA-48jv-v9q6-gcg3: PHP remote file inclusion vulnerability in welcome↗2022-05-01

▶

OSV

CVE-2005-2793: PHP remote file inclusion vulnerability in welcome↗2005-09-02

▶

📋Vendor Advisories

Debian

CVE-2005-2793: phpldapadmin - PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and...↗2005

▶