⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2011-4075Code Injection in Phpldapadmin

CWE-94Code Injection11 documents9 sources
Severity
7.5HIGHNVD
EPSS
83.2%
top 0.73%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Phpldapadmin Project PhpldapadminDebian Phpldapadmin
Timeline
PublishedNov 2
Latest updateMay 13

Description

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/phpldapadmin< phpldapadmin 1.2.0.5-2.1 (bookworm)
Debianphpldapadmin_project/phpldapadmin< 1.2.0.5-2.1+2

Patches

Patch: openwall.comPatch: openwall.comPatch: openwall.com

🔴Vulnerability Details

3
GHSA
GHSA-5h4f-2c6r-8cj3: The masort function in lib/functions2022-05-13
OSV
CVE-2011-4075: The masort function in lib/functions2011-11-02
VulnCheck
phpldapadmin_project phpldapadmin Improper Control of Generation of Code ('Code Injection')2011

💥Exploits & PoCs

3
Exploit-DB
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (Metasploit) (2)2011-10-25
Exploit-DB
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)2011-10-23
Metasploit
phpLDAPadmin query_engine Remote PHP Code Injection

📋Vendor Advisories

1
Debian
CVE-2011-4075: phpldapadmin - The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allo...2011

💬Community

2
Bugzilla
CVE-2011-4082 phpldapadmin: local file inclusion flaw fixed in 0.9.82011-10-27
Bugzilla
CVE-2011-4074 CVE-2011-4075 phpldapadmin: XSS and code injection vulnerabilities in <= 1.2.1.12011-10-24