CVE-2011-4075
EPSS 84.4%
Description
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
How to fix CVE-2011-4075
To remediate CVE-2011-4075, upgrade the affected package to a fixed version below.
- Debian/phpldapadmin—upgrade to 1.2.0.5-2.1 or later
Is CVE-2011-4075 being exploited?
Likely — EPSS is 84.4%, placing CVE-2011-4075 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- from 0, < 1.2.0.5-2.1