Summary: | net-nds/phpldapadmin directory traversal (CVE-2009-4427) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | trivial | CC: | vostorga, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~2? [upstream/ebuild?] | ||
Package list: | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
![]() ![]() (In reply to comment #0) > CVE-2009-4427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4427): > Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 > allows remote attackers to include and execute arbitrary local files > via a .. (dot dot) in the cmd parameter. > The only version available in portage is phpldapadmin-1.2.0.4 , which does not suffer from this vulnerability Indeed. |