Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4427 — Path Traversal in Phpldapadmin

CWE-22 — Path Traversal7 documents7 sources

Severity

7.5HIGHNVD

EPSS

18.9%

top 4.67%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpldapadmin Project Phpldapadmin Debian Phpldapadmin

Timeline

PublishedDec 28

Latest updateMay 2

Description

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpldapadmin< phpldapadmin 1.1.0.7-1.1 (bookworm)

▶Debianphpldapadmin_project/phpldapadmin< 1.1.0.7-1.1+2

▶NVDphpldapadmin_project/phpldapadmin1.1.0.5

🔴Vulnerability Details

GHSA

GHSA-5jx8-6jmm-pj5j: Directory traversal vulnerability in cmd↗2022-05-02

▶

OSV

CVE-2009-4427: Directory traversal vulnerability in cmd↗2009-12-28

▶

💥Exploits & PoCs

Exploit-DB

phpLDAPadmin - Local File Inclusion↗2009-12-10

▶

📋Vendor Advisories

Red Hat

phpldapadmin: local file inclusion vulnerability↗2009-12-10

▶

Debian

CVE-2009-4427: phpldapadmin - Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remo...↗2009

▶

💬Community

Bugzilla

CVE-2009-4427 phpldapadmin: local file inclusion vulnerability↗2009-12-21

▶