CVE-2009-4427 in Ubuntu

CVE-2009-4427

Priority

Description

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows
remote attackers to include and execute arbitrary local files via a .. (dot
dot) in the cmd parameter.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4427
http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Bugs

https://bugs.edge.launchpad.net/ubuntu/+source/phpldapadmin/+bug/511189

Notes

jdstrand

according to upstream, this affects 1.1.0.7 and lower

Package

Source: phpldapadmin (LP Ubuntu Debian)

Upstream:	released (1.1.0.7-1.2)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (1.2.0.5-1ubuntu1)

Patches:

Vendor:	http://www.debian.org/security/2010/dsa-1965
Debdiff:	https://bugs.launchpad.net/ubuntu/jaunty/+source/phpldapadmin/+bug/511189

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-10 23:39:43 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)