CVE-2005-2793

Properties

Published: 01.09.2005
Updated: 27.09.2006
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product: phpldapadmin: phpldapadmin

Vulnerability description

PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.

References:

BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=112542447219235&w=2
http://www.rgod.altervista.org/phpldap.html
BID: http://www.securityfocus.com/bid/14695
SECUNIA: http://secunia.com/advisories/16617/
XF: http://xforce.iss.net/xforce/xfdb/22103