What is CVE-2011-4075?

CVE-2011-4075 is a vulnerability in Phpldapadmin_project Phpldapadmin, classified under Code Injection. Published 2011-11-02.

Is CVE-2011-4075 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Phpldapadmin_project Phpldapadmin

CVE-2011-4075

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.844 (99.3th percentile) — read the EPSS interpretation.

Affected products

Phpldapadmin_project Phpldapadmin — versions 1.2.0, 1.2.0.1, 1.2.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

secalert@redhat.com (x_refsource_CONFIRM)
76594 (x_refsource_OSVDB, vdb-entry)
50331 (vdb-entry, x_refsource_BID)
[oss-security] 20111025 Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws (mailing-list, x_refsource_MLIST, Exploit, Patch)
18021 (Exploit, exploit, x_refsource_EXPLOIT-DB)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (Exploit, x_refsource_MISC)
46672 (x_refsource_SECUNIA, third-party-advisory)
46551 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
[oss-security] 20111024 CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws (mailing-list, x_refsource_MLIST, Exploit, Patch)

Frequently asked questions

What is CVE-2011-4075?: CVE-2011-4075 is a vulnerability in Phpldapadmin_project Phpldapadmin, classified under Code Injection. Published 2011-11-02.
Is CVE-2011-4075 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.