VDB

CVE-2011-4075

CVE-2011-4075 PUBLISHED CVSS 7.5 HIGH

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.

EPSS 84.40% · 99.3th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
84.40%
99.3th percentile

Affected Products

VendorProductVersions
n/an/an/a
phpldapadmin_projectphpldapadmin1.2.0, 1.2.0.1, 1.2.0.2

Timeline

  • Oct 23, 2011 PoC Published
  • Oct 25, 2011 PoC Published
  • Nov 2, 2011 CVE Published
  • May 29, 2018 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›