[Secure-testing-team] Bug#561975: Local file inclusion vulnerability
Giuseppe Iuculano
iuculano at debian.org
Mon Dec 21 17:32:18 UTC 2009
Package: phpldapadmin
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
A vulnerability has been discovered on phpLDAPadmin, which can be exploited by
malicious people to disclose sensitive information.
Input passed via the "cmd" parameter to cmd.php is not properly verified before
being used to include files. This can be exploited to include arbitrary files
from local resources.
See: http://www.exploit-db.com/exploits/10410
http://secunia.com/advisories/37848/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksvsR8ACgkQNxpp46476aqtuQCgj81pPrUhqj6AJrWiRfD7BILB
ghgAn3lQTCTMPIVPnKK+UXKVaY4G7FcW
=thz2
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list