phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpldapadmin | Phpldapadmin_project | 1.2.2 (including) | 1.2.2 (including) |
| Phpldapadmin | Ubuntu | artful | * |
| Phpldapadmin | Ubuntu | bionic | * |
| Phpldapadmin | Ubuntu | cosmic | * |
| Phpldapadmin | Ubuntu | disco | * |
| Phpldapadmin | Ubuntu | eoan | * |
| Phpldapadmin | Ubuntu | focal | * |
| Phpldapadmin | Ubuntu | groovy | * |
| Phpldapadmin | Ubuntu | hirsute | * |
| Phpldapadmin | Ubuntu | impish | * |
| Phpldapadmin | Ubuntu | kinetic | * |
| Phpldapadmin | Ubuntu | lunar | * |
| Phpldapadmin | Ubuntu | mantic | * |
| Phpldapadmin | Ubuntu | oracular | * |
| Phpldapadmin | Ubuntu | plucky | * |
| Phpldapadmin | Ubuntu | trusty | * |
| Phpldapadmin | Ubuntu | xenial | * |