DEBIAN-CVE-2011-4075

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2011-4075
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2011-4075.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2011-4075
Upstream
Published
2011-11-02T17:55:01.387Z
Modified
2025-11-14T03:05:47.725429Z
Summary
[none]
Details

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.

References

Affected packages

Debian:12 / phpldapadmin

Package

Name
phpldapadmin
Purl
pkg:deb/debian/phpldapadmin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0.5-2.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / phpldapadmin

Package

Name
phpldapadmin
Purl
pkg:deb/debian/phpldapadmin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0.5-2.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / phpldapadmin

Package

Name
phpldapadmin
Purl
pkg:deb/debian/phpldapadmin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0.5-2.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}