CVE-2011-4075

Published: Nov 2, 2011Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.

Affected (8)

Products: Phpldapadmin Project: Phpldapadmin

Phpldapadmin Project

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Phpldapadmin Project Phpldapadmin	Version 1.2.0.1
Phpldapadmin Project Phpldapadmin	Version 1.2.0.2
Phpldapadmin Project Phpldapadmin	Version 1.2.0.3
Phpldapadmin Project Phpldapadmin	Version 1.2.0.4
Phpldapadmin Project Phpldapadmin	Version 1.2.0.5
Phpldapadmin Project Phpldapadmin	Version 1.2.0
Phpldapadmin Project Phpldapadmin	Version 1.2.1.1
Phpldapadmin Project Phpldapadmin	Version 1.2.1

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (24)

http://dev.metasploit.com/redmine/issues/5820

Source: secalert@redhat.com

Exploit

http://openwall.com/lists/oss-security/2011/10/24/9

Source: secalert@redhat.com

ExploitPatch

http://openwall.com/lists/oss-security/2011/10/25/2

Source: secalert@redhat.com

ExploitPatch

http://osvdb.org/76594

Source: secalert@redhat.com

http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=lib/functions.php%3Bh=eb160dc9f7d74e563131e21d4c85d7849a0c6638%3Bhp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0%3Bhb=76e6dad13ef77c5448b8dfed1a61e4acc7241165%3Bhpb=5d4245f93ae6f065e7535f268e3cd87a23b07744

Source: secalert@redhat.com

http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Source: secalert@redhat.com

http://secunia.com/advisories/46551

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/46672

Source: secalert@redhat.com

http://sourceforge.net/tracker/index.php?func=detail&aid=3417184&group_id=61828&atid=498546

Source: secalert@redhat.com

http://www.debian.org/security/2011/dsa-2333

Source: secalert@redhat.com

http://www.exploit-db.com/exploits/18021/

Source: secalert@redhat.com

Exploit

http://www.securityfocus.com/bid/50331

Source: secalert@redhat.com

http://dev.metasploit.com/redmine/issues/5820

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://openwall.com/lists/oss-security/2011/10/24/9

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://openwall.com/lists/oss-security/2011/10/25/2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://osvdb.org/76594

Source: af854a3a-2127-422b-91ae-364da2661108

http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=lib/functions.php%3Bh=eb160dc9f7d74e563131e21d4c85d7849a0c6638%3Bhp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0%3Bhb=76e6dad13ef77c5448b8dfed1a61e4acc7241165%3Bhpb=5d4245f93ae6f065e7535f268e3cd87a23b07744

Source: af854a3a-2127-422b-91ae-364da2661108

http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/46551

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/46672

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/tracker/index.php?func=detail&aid=3417184&group_id=61828&atid=498546

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2333

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/18021/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/50331

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.