CVE 2009-4427
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
Related bugs and status
CVE-2009-4427 (Candidate) is related to these bugs:
Bug #384157: phpldapadmin fatal error renaming cn
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
384157 | phpldapadmin fatal error renaming cn | phpldapadmin (Ubuntu) | Undecided | Fix Released | ||
384157 | phpldapadmin fatal error renaming cn | phpldapadmin (Ubuntu Lucid) | Undecided | Fix Released |
Bug #511189: security update missed
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
511189 | security update missed | phpldapadmin (Ubuntu) | Medium | Fix Released | ||
511189 | security update missed | phpldapadmin (Ubuntu Dapper) | Undecided | Won't Fix | ||
511189 | security update missed | phpldapadmin (Ubuntu Hardy) | Undecided | Won't Fix | ||
511189 | security update missed | phpldapadmin (Ubuntu Jaunty) | Undecided | Fix Released | ||
511189 | security update missed | phpldapadmin (Ubuntu Karmic) | Undecided | Won't Fix | ||
511189 | security update missed | phpldapadmin (Ubuntu Lucid) | Undecided | Fix Released | ||
511189 | security update missed | phpldapadmin (Ubuntu Maverick) | Medium | Fix Released |
Bug #551269: phpldapadmin: Incompatible with PHP 5.3
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
551269 | phpldapadmin: Incompatible with PHP 5.3 | phpldapadmin (Ubuntu) | Undecided | Fix Released | ||
551269 | phpldapadmin: Incompatible with PHP 5.3 | phpldapadmin (Debian) | Unknown | Fix Released | ||
551269 | phpldapadmin: Incompatible with PHP 5.3 | phpldapadmin (Ubuntu Lucid) | Medium | Fix Released |
See the
CVE page on Mitre.org
for more details.