CVE-2011-4075

High PUBLISHED

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby...

phpLDAPadmin · phpLDAPadmin

Not yet in CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
7.5 High

At a Glance

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.

metasploit php
CVE Published
Nov 02, 2011
Exploitation Reported
Nov 02, 2011
CVSS
7.5 High
EPSS
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • DSA-2333 debian.org · Vendor Advisory http://www.debian.org/security/2011/dsa-2333
  • 46672 secunia.com · Third-Party Advisory http://secunia.com/advisories/46672
  • 46551 secunia.com · Third-Party Advisory http://secunia.com/advisories/46551
  • 18021 exploit-db.com · Exploit http://www.exploit-db.com/exploits/18021/
  • 76594 osvdb.org · VDB Entry http://osvdb.org/76594
Show 7 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.