What is CVE-2024-52792?

CVE-2024-52792 is a medium-severity vulnerability in Ldapaccountmanager Lam, classified under Externally Controlled Reference to a Resource in Another Sphere. CVSS score: 6.5/10. Published 2024-12-17.

How severe is CVE-2024-52792?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Ldapaccountmanager Lam

CVE-2024-52792

LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via `mainmanage.ph…

EPSS: 0.001 (23.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H.

Affected products

Ldapaccountmanager Lam — versions < 9.0

Weakness classification (CWE)

CWE-610 — Externally Controlled Reference to a Resource in Another Sphere

References

https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6cp9-j5r7-xhcc (x_refsource_CONFIRM)
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv (x_refsource_MISC)
https://github.com/LDAPAccountManager/lam/blob/fd665fef3b222bf8205154b14f676815d2d6ae20/lam/templates/config/mainmanage.php#L263 (x_refsource_MISC)
https://github.com/LDAPAccountManager/lam/releases/tag/9.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-52792?: CVE-2024-52792 is a medium-severity vulnerability in Ldapaccountmanager Lam, classified under Externally Controlled Reference to a Resource in Another Sphere. CVSS score: 6.5/10. Published 2024-12-17.
How severe is CVE-2024-52792?: Medium severity. CVSS v3 base score is 6.5 out of 10.