Fluid Attacks Database

Description

Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	phpldapadmin	>=0 <1.2.2-1	1.2.2-1
debian 13	phpldapadmin	>=0 <1.2.2-1	1.2.2-1
debian 14	phpldapadmin	>=0 <1.2.2-1	1.2.2-1

Aliases

1. CVE-2012-08342. NVD-2012-08343. OSV-DEBIAN-2012-08344. OSV-2012-08345. SECURITY-TRACKER-CVE-2012-0834

References

1. https://www.exploit-db.com/exploits/36654

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.