Giuseppe Iuculano
2009-Dec-21 17:32 UTC
[Secure-testing-team] Bug#561975: Local file inclusion vulnerability
Package: phpldapadmin
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
A vulnerability has been discovered in phpLDAPadmin, which can be exploited by
malicious people to disclose sensitive information.
Input passed via the "cmd" parameter to cmd.php is not properly verified before
being used to include files. This can be exploited to include arbitrary files
from local resources.
See: http://www.exploit-db.com/exploits/10410
http://secunia.com/advisories/37848/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksvsR8ACgkQNxpp46476aqtuQCgj81pPrUhqj6AJrWiRfD7BILB
ghgAn3lQTCTMPIVPnKK+UXKVaY4G7FcW
=thz2
-----END PGP SIGNATURE-----
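
The report above describes a request parameter reaching an include without verification. As an added illustration (not phpLDAPadmin's code and not the fix shipped for this bug), the following PHP sketch shows one general way to verify such a parameter before including anything; the function name `resolve_cmd`, the directory layout and the sample inputs are assumptions constructed for the example.

```php
<?php
// Added illustration, not phpLDAPadmin code. resolve_cmd() and the
// directory layout are hypothetical; sample inputs are constructed.
declare(strict_types=1);

/**
 * Map a user-supplied command name to a script inside $baseDir.
 * Returns the canonical path, or null if the name must be rejected.
 */
function resolve_cmd(string $cmd, string $baseDir): ?string
{
    // 1. Syntax allowlist: a plain lowercase identifier only, which
    //    excludes path separators, dots, NUL bytes and empty input.
    if (preg_match('/\A[a-z][a-z0-9_]{0,63}\z/', $cmd) !== 1) {
        return null;
    }

    // 2. Canonicalise both paths. realpath() returns false when the
    //    file does not exist, so unknown commands are rejected too.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $cmd . '.php');
    if ($base === false || $target === false) {
        return null;
    }

    // 3. Containment: the resolved file must still sit under the base
    //    directory, which also catches symlinks pointing elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: one legitimate script in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cmd_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/welcome.php', '<?php // constructed stub');

foreach (['welcome', 'Welcome', 'welcome.php', '../welcome', 'missing'] as $cmd) {
    $path = resolve_cmd($cmd, $dir);
    printf("%-14s => %s\n", var_export($cmd, true),
        $path === null ? 'rejected' : 'include ' . basename($path));
}

unlink($dir . '/welcome.php');
rmdir($dir);
```

Only `welcome` resolves to a path; the other four inputs are rejected before any include would take place.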