CVE-2006-2016

EPSS 8.2%

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

Affected products

n/a · n/a

public PoCs found — 5

exploitdbwww.exploit-db.com/exploits/27717unverified exploitdbwww.exploit-db.com/exploits/27718unverified exploitdbwww.exploit-db.com/exploits/27719unverified exploitdbwww.exploit-db.com/exploits/27721unverified exploitdbwww.exploit-db.com/exploits/27722unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html http://secunia.com/advisories/19747 http://secunia.com/advisories/20124 https://exchange.xforce.ibmcloud.com/vulnerabilities/25958 https://exchange.xforce.ibmcloud.com/vulnerabilities/25959 http://www.debian.org/security/2006/dsa-1057 http://www.osvdb.org/24788 http://www.osvdb.org/24789 http://www.osvdb.org/24790 http://www.osvdb.org/24792 http://www.osvdb.org/24793 http://www.osvdb.org/24794