phpLDAPadmin Project phpLDAPadmin 0.9.0

CPE Details

phpLDAPadmin Project phpLDAPadmin 0.9.0
phpldapadmin_project
phpldapadmin
0.9.0
2020-11-09
12h38 +00:00
2020-11-09
12h38 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.0:*:*:*:*:*:*:*

Informations

Vendor

phpldapadmin_project

Product

phpldapadmin

Version

0.9.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-35132 2020-12-11 03h36 +00:00 An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
5.4
Medium
CVE-2011-4082 2019-11-26 03h02 +00:00 A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.
7.5
High
CVE-2017-11107 2017-07-08 10h00 +00:00 phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
6.1
Medium
CVE-2012-0834 2012-02-11 01h00 +00:00 Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
4.3
CVE-2006-2016 2006-04-25 08h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
2.6
CVE-2005-2654 2005-08-30 02h00 +00:00 phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
7.5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.