CVE-2005-2793
published 2005-09-02CVE-2005-2793: PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the…
PriorityP336high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.74%
84.3th percentile
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpldapadmin | < phpldapadmin 0.9.6c-7 (bookworm) | phpldapadmin 0.9.6c-7 (bookworm) |
| phpldapadmin_project | phpldapadmin | — | — |
| phpldapadmin_project | phpldapadmin | — | — |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-7 | 0.9.6c-7 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-7 | 0.9.6c-7 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.6c-7 | 0.9.6c-7 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-48jv-v9q6-gcg3: PHP remote file inclusion vulnerability in welcome
ghsa_unreviewed·2022-05-01
CVE-2005-2793 [HIGH] CWE-77 GHSA-48jv-v9q6-gcg3: PHP remote file inclusion vulnerability in welcome
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
OSV
CVE-2005-2793: PHP remote file inclusion vulnerability in welcome
osv·2005-09-02·CVSS 7.5
CVE-2005-2793 [HIGH] CVE-2005-2793: PHP remote file inclusion vulnerability in welcome
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
Debian
CVE-2005-2793: phpldapadmin - PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and...
vendor_debian·2005·CVSS 7.5
CVE-2005-2793 [HIGH] CVE-2005-2793: phpldapadmin - PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and...
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
Scope: local
bookworm: resolved (fixed in 0.9.6c-7)
forky: resolved (fixed in 0.9.6c-7)
sid: resolved (fixed in 0.9.6c-7)
trixie: resolved (fixed in 0.9.6c-7)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=112542447219235&w=2http://secunia.com/advisories/16617/http://www.rgod.altervista.org/phpldap.htmlhttp://www.securityfocus.com/bid/14695https://exchange.xforce.ibmcloud.com/vulnerabilities/22103http://marc.info/?l=bugtraq&m=112542447219235&w=2http://secunia.com/advisories/16617/http://www.rgod.altervista.org/phpldap.htmlhttp://www.securityfocus.com/bid/14695https://exchange.xforce.ibmcloud.com/vulnerabilities/22103
2005-09-02
Published