Bugs item #2919337, was opened at 2009-12-22 16:19
Message generated for change (Tracker Item Submitted) made by buc
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=498546&aid=2919337&group_id=61828Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Dmitry Butskoy (buc)
Assigned to: Nobody/Anonymous (nobody)
Summary: local file inclusion vulnerability
Initial Comment:
There is a local file inclusion vulnerability, at least in phpldapadmin versions 1.1 and 1.2.
Public exploit/advisory is availble:
http://www.exploit-db.com/exploits/10410as well as a Secunia advisory:
http://secunia.com/advisories/37848/(Note, it says that solution is upgrade to 1.2, which looks wrong. 1.2 seems to be affected as well...)
No CVE name has been assigned yet.
Please, fix it as soon as possible.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=498546&aid=2919337&group_id=61828------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
______________________________________
phpLDAPadmin development mailing list.
To unsbuscribe:
https://lists.sourceforge.net/lists/listinfo/phpldapadmin-develhttp://phpldapadmin.sourceforge.net/
